From mboxrd@z Thu Jan 1 00:00:00 1970 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Sender: libc-stable-owner@sourceware.org Received: from aurel32 by ohm.rr44.fr with local (Exim 4.89) (envelope-from ) id 1eL4Sv-0002by-1y; Sat, 02 Dec 2017 10:52:09 +0100 
From: Aurelien Jarno To: libc-stable@sourceware.org Cc: Aurelien Jarno Subject: [COMMITTED 2.25 8/8] Update NEWS to add CVE-2017-15804 entry Date: Sun, 01 Jan 2017 00:00:00 -0000 Message-Id: <20171202095206.9955-8-aurelien@aurel32.net> X-Mailer: git-send-email 2.15.0 In-Reply-To: <20171202095206.9955-1-aurelien@aurel32.net> References: <20171202095206.9955-1-aurelien@aurel32.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2017-12/txt/msg00004.txt.bz2 (cherry picked from commit 15e84c63c05e0652047ba5e738c54d79d62ba74b) --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 40ecd30fc5..0a8f20e371 100644 --- a/NEWS +++ b/NEWS @@ -17,8 +17,8 @@ Security related changes: processing, leading to a memory leak and, potentially, to a denial of service. - The glob function, when invoked with GLOB_TILDE and without - GLOB_NOESCAPE, could write past the end of a buffer while + CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and + without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen. The following bugs are resolved with this release: -- 2.15.0
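Review bot: the reworded entry at the "+ CVE-2017-15804:" lines names the CVE but still does not say what the out-of-bounds write leads to, unlike the entry just above it in the hunk context, which ends with "leading to a memory leak and, potentially, to a denial of service". Because this is a cherry-pick, the NEWS wording should stay in step with the original commit, so the impact statement is better raised as a follow-up there than changed only on the 2.25 branch. Separately, the commit message body holds nothing but the cherry-pick reference; one line saying where the glob fix itself landed on this branch would let a reader of the stable branch history connect the NEWS entry to the code change.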