From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <aurelien@aurel32.net>
Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1])
 by sourceware.org (Postfix) with ESMTPS id 0DBD23857C4A
 for <libc-stable@sourceware.org>; Thu, 16 Jul 2020 17:24:56 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 0DBD23857C4A
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=aurel32.net
Authentication-Results: sourceware.org;
 spf=none smtp.mailfrom=aurelien@aurel32.net
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aurel32.net
 ; s=202004.hall;
 h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:
 Subject:Cc:To:From:Content-Type:From:Reply-To:Subject:Content-ID:
 Content-Description:In-Reply-To:References:X-Debbugs-Cc;
 bh=fDhlDKujBGG35+KCoYjYt4H/13+3gowCbi922urlJaw=; b=ASmkM/jFNPCGcaJsLPxoZBfRdx
 2cO/AhooWPdZgKMXnwl6HrVqqXSlrNbd8hI9elQhPV368LgkUOEBcQ8rJcENi36IpEO5CncXrjVr8
 rTk3ZH0XzRGppFZu/p+f3EyOCll3wm32W4ynD7oyQcMZQBGF2KALM7f+Ezz2f8uddxxf9GOo2hJPi
 fdpUiYZz4NBQxL3WatvTMeMHxIeECp1X7s8cxaK0XfCCGVSpbOFgLnEEZnDyIpV8H907AHVf6UCp3
 o4a9EKsv6L83W4eUJeaxk9BZTDwmKjW/P7K1Slu+VYKqKp82E3atVAB7+xXoEdC7xYhmkBVm4jh60
 W8LrZGeg==;
Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr)
 by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <aurelien@aurel32.net>)
 id 1jw7cs-00086m-EO; Thu, 16 Jul 2020 19:24:54 +0200
Received: from aurel32 by ohm.rr44.fr with local (Exim 4.94)
 (envelope-from <aurelien@aurel32.net>)
 id 1jw7cr-00DSml-SI; Thu, 16 Jul 2020 19:24:53 +0200
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-stable@sourceware.org
Cc: Aurelien Jarno <aurelien@aurel32.net>, Carlos O'Donell <carlos@redhat.com>
Subject: [2.31 COMMITTED] Add NEWS entry for CVE-2020-6096 (bug 25620)
Date: Thu, 16 Jul 2020 19:24:52 +0200
Message-Id: <20200716172452.3208867-1-aurelien@aurel32.net>
X-Mailer: git-send-email 2.27.0
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-10.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_PASS, SPF_NONE,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-stable@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-stable mailing list <libc-stable.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-stable>,
 <mailto:libc-stable-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-stable/>
List-Help: <mailto:libc-stable-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-stable>,
 <mailto:libc-stable-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Jul 2020 17:24:57 -0000

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit 17400c4bcd57d84add1da3aa93248ef2efdb0ccb)
---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/NEWS b/NEWS
index 0e2dc39523b..daf4b727cd7 100644
--- a/NEWS
+++ b/NEWS
@@ -37,6 +37,11 @@ Security related changes:
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.
 
+  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+  memmove functions has been fixed.  Discovered by Jason Royes and Samual
+  Dytrych of the Cisco Security Assessment and Penetration Team (See
+  TALOS-2020-1019).
+
 
 Version 2.31
 
-- 
2.27.0