From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1]) by sourceware.org (Postfix) with ESMTPS id B2AD7393741C for ; Wed, 11 Mar 2020 12:03:00 +0000 (GMT) Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr) by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1jC04h-0004Pp-Rw; Wed, 11 Mar 2020 13:02:59 +0100 Received: from aurel32 by ohm.rr44.fr with local (Exim 4.93) (envelope-from ) id 1jC04h-004p8G-8S; Wed, 11 Mar 2020 13:02:59 +0100 From: Aurelien Jarno To: libc-stable@sourceware.org Subject: [2.30 COMMITTED 3/3] Add NEWS entry for CVE-2020-10029 (bug 25487) Date: Wed, 11 Mar 2020 13:02:45 +0100 Message-Id: <20200311120245.1026089-3-aurelien@aurel32.net> X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200311120245.1026089-1-aurelien@aurel32.net> References: <20200311120245.1026089-1-aurelien@aurel32.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-27.6 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS, SPF_NONE autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-stable@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-stable mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Mar 2020 12:03:01 -0000 (cherry picked from commit 15ab195229dc288d1d49612c3de14a33b88065ed) --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 67018b06582..0c4a78c3d56 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,10 @@ CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC addresses for loaded libraries and thus bypass ASLR for a setuid program. Reported by Marcin Koƛcielnicki. +CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack + corruption when they were passed a pseudo-zero argument. Reported by Guido + Vranken / ForAllSecure Mayhem. + The following bugs are resolved with this release: [23518] login: Remove utmp backend jump tables -- 2.24.1