From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <aurelien@aurel32.net>
Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1])
 by sourceware.org (Postfix) with ESMTPS id D27EF3945064
 for <libc-stable@sourceware.org>; Thu, 19 Mar 2020 22:13:33 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org D27EF3945064
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=aurel32.net
Authentication-Results: sourceware.org;
 spf=none smtp.mailfrom=aurelien@aurel32.net
Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr)
 by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <aurelien@aurel32.net>)
 id 1jF3Px-0001Z7-0K; Thu, 19 Mar 2020 23:13:33 +0100
Received: from aurel32 by ohm.rr44.fr with local (Exim 4.93)
 (envelope-from <aurelien@aurel32.net>)
 id 1jF3Pw-001ztv-El; Thu, 19 Mar 2020 23:13:32 +0100
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-stable@sourceware.org
Subject: [2.30 COMMITTED] Add NEWS entry for CVE-2020-1752 (bug 25414)
Date: Thu, 19 Mar 2020 23:13:31 +0100
Message-Id: <20200319221331.476215-1-aurelien@aurel32.net>
X-Mailer: git-send-email 2.24.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-24.7 required=5.0 tests=GIT_PATCH_0, GIT_PATCH_1,
 GIT_PATCH_2, GIT_PATCH_3, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY,
 RCVD_IN_DNSWL_LOW, SPF_HELO_PASS,
 SPF_NONE autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-stable@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-stable mailing list <libc-stable.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-stable>,
 <mailto:libc-stable-request@sourceware.org?subject=unsubscribe>
List-Archive: <http://sourceware.org/pipermail/libc-stable/>
List-Help: <mailto:libc-stable-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-stable>,
 <mailto:libc-stable-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Mar 2020 22:13:34 -0000

(cherry picked from commit 39a05214fe14ff722d4d92e697fb71ff15e84e70)
---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/NEWS b/NEWS
index 0c4a78c3d56..d966688a565 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
 The following bugs are resolved with this release:
 
   [23518] login: Remove utmp backend jump tables
-- 
2.24.1