From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 48634 invoked by alias); 16 Mar 2019 22:32:21 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 48618 invoked by uid 89); 16 Mar 2019 22:32:21 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3 autolearn=ham version=3.3.1 spammy= X-Spam-Status: No, score=-26.9 required=5.0 tests=BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3 autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org X-Spam-Level: X-HELO: hall.aurel32.net Received: from hall.aurel32.net (HELO hall.aurel32.net) (163.172.24.10) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Sat, 16 Mar 2019 22:32:19 +0000 Received: from [2a01:e35:2e4c:a861:655e:aef3:f589:b897] (helo=ohm.rr44.fr) by hall.aurel32.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1h5Hqj-0000pr-Ue; Sat, 16 Mar 2019 23:32:17 +0100 Received: from aurel32 by ohm.rr44.fr with local (Exim 4.92) (envelope-from ) id 1h5Hqj-0007cW-IT; Sat, 16 Mar 2019 23:32:17 +0100 From: Aurelien Jarno To: libc-stable@sourceware.org Cc: Aurelien Jarno Subject: [2.29 COMMITTED] Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114] Date: Tue, 01 Jan 2019 00:00:00 -0000 Message-Id: <20190316223151.29219-2-aurelien@aurel32.net> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190316223151.29219-1-aurelien@aurel32.net> References: <20190316223151.29219-1-aurelien@aurel32.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-IsSubscribed: yes X-SW-Source: 2019-03/txt/msg00003.txt.bz2 (cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8) --- ChangeLog | 1 + NEWS | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index fb88626efe1..80413dd5608 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 2019-01-31 Paul Eggert + CVE-2019-9169 regex: fix read overrun [BZ #24114] Problem found by AddressSanitizer, reported by Hongxu Chen in: https://debbugs.gnu.org/34140 diff --git a/NEWS b/NEWS index 340e06d0f4f..271bf7a2cd6 100644 --- a/NEWS +++ b/NEWS @@ -24,6 +24,10 @@ Security related changes: memcmp gave the wrong result since it treated the size argument as zero. Reported by H.J. Lu. + CVE-2019-9169: Attempted case-insensitive regular-expression match + via proceed_next_node in posix/regexec.c leads to heap-based buffer + over-read. Reported by Hongxu Chen. + Version 2.29 -- 2.20.1