* [PATCH] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
@ 2021-01-29 16:32 Florian Weimer
2021-01-29 16:38 ` Paul Zimmermann
0 siblings, 1 reply; 3+ messages in thread
From: Florian Weimer @ 2021-01-29 16:32 UTC (permalink / raw)
To: libc-alpha
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index 6521a4f5b7..01cbf282c3 100644
--- a/NEWS
+++ b/NEWS
@@ -102,6 +102,12 @@ Changes to build and runtime requirements:
Security related changes:
+ CVE-2021-3326: An assertion failure during conversion from from the
+ qISO-20220-JP-3 character set using the iconv function has been fixed.
+ This assertion wis triggered by certain valid inputs in which the
+ converted output contains a combined sequence of two wide characters
+ crossing a buffer boundary. Reported by Tavis Ormandy.
+
CVE-2020-27618: An infinite loop has been fixed in the iconv program when
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
2021-01-29 16:32 [PATCH] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Florian Weimer
@ 2021-01-29 16:38 ` Paul Zimmermann
2021-01-29 16:39 ` Florian Weimer
0 siblings, 1 reply; 3+ messages in thread
From: Paul Zimmermann @ 2021-01-29 16:38 UTC (permalink / raw)
To: Florian Weimer; +Cc: libc-alpha
Dear Florian,
> + CVE-2021-3326: An assertion failure during conversion from from the
duplicate "from"
> + qISO-20220-JP-3 character set using the iconv function has been fixed.
> + This assertion wis triggered by certain valid inputs in which the
wis -> was
> + converted output contains a combined sequence of two wide characters
> + crossing a buffer boundary. Reported by Tavis Ormandy.
Paul
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
2021-01-29 16:38 ` Paul Zimmermann
@ 2021-01-29 16:39 ` Florian Weimer
0 siblings, 0 replies; 3+ messages in thread
From: Florian Weimer @ 2021-01-29 16:39 UTC (permalink / raw)
To: Paul Zimmermann; +Cc: libc-alpha
* Paul Zimmermann:
> Dear Florian,
>
>> + CVE-2021-3326: An assertion failure during conversion from from the
>
> duplicate "from"
>
>> + qISO-20220-JP-3 character set using the iconv function has been fixed.
>> + This assertion wis triggered by certain valid inputs in which the
>
> wis -> was
>
>> + converted output contains a combined sequence of two wide characters
>> + crossing a buffer boundary. Reported by Tavis Ormandy.
Thanks, will send a v2.
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-01-29 16:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-29 16:32 [PATCH] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3) Florian Weimer
2021-01-29 16:38 ` Paul Zimmermann
2021-01-29 16:39 ` Florian Weimer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).