From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dj@redhat.com>
Received: from rhel8.vm.delorie.com (d-159-250-13-23.nh.cpe.atlanticbb.net
 [159.250.13.23])
 by sourceware.org (Postfix) with ESMTPS id 3ABCB3987C31
 for <libc-alpha@sourceware.org>; Wed,  3 Mar 2021 19:56:01 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 3ABCB3987C31
Received: from rhel8.vm.redhat.com (localhost [127.0.0.1])
 by rhel8.vm.delorie.com (8.15.2/8.15.2) with ESMTPS id 123Jtwvk017463
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT);
 Wed, 3 Mar 2021 14:55:58 -0500
From: DJ Delorie <dj@redhat.com>
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: libc-alpha@sourceware.org
Subject: Re: [PATCH v1] NEWS: Add entry for CVE-2021-27645
In-Reply-To: <87v9a8w2kp.fsf@igel.home> (message from Andreas Schwab on Wed,
 03 Mar 2021 18:48:38 +0100)
Date: Wed, 03 Mar 2021 14:55:58 -0500
Message-ID: <xn5z28vwoh.fsf@rhel8.vm>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Status: No, score=-15.7 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_NUMSUBJECT, KHOP_HELO_FCRDNS,
 RDNS_DYNAMIC, SPF_FAIL, SPF_HELO_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2021 19:56:03 -0000

Andreas Schwab <schwab@linux-m68k.org> writes:
> You need to add it to NEWS.

---
 NEWS | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 73a1a0df97..aa0f10a891 100644
--- a/NEWS
+++ b/NEWS
@@ -31,7 +31,10 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+  a request for netgroup lookup, may crash due to a double-free,
+  potentially resulting in degraded service or Denial of Service on the
+  local system.  Reported by Chris Schanzle.
 
 The following bugs are resolved with this release:
 
-- 
2.29.2