* [PATCH COMMITTED] Add NEWS entry for CVE-2016-6323
@ 2016-08-16 9:19 Florian Weimer
0 siblings, 0 replies; only message in thread
From: Florian Weimer @ 2016-08-16 9:19 UTC (permalink / raw)
To: GNU C Library
[-- Attachment #1: Type: text/plain, Size: 53 bytes --]
Actually as two patches, consolidated here.
Florian
[-- Attachment #2: cantunwind.patch --]
[-- Type: text/x-patch, Size: 577 bytes --]
diff --git a/NEWS b/NEWS
index fe9ff1c..aaed9e0 100644
--- a/NEWS
+++ b/NEWS
@@ -34,7 +34,11 @@ Version 2.25
Security related changes:
- [Add security related changes here]
+ On ARM EABI (32-bit), generating a backtrace for execution contexts which
+ have been created with makecontext could fail to terminate due to a
+ missing .cantunwind annotation. This has been observed to lead to a hang
+ (denial of service) in some Go applications compiled with gccgo. Reported
+ by Andreas Schwab. (CVE-2016-6323)
The following bugs are resolved with this release:
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2016-08-16 9:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-08-16 9:19 [PATCH COMMITTED] Add NEWS entry for CVE-2016-6323 Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).