From: "Dmitry V. Levin" <ldv@altlinux.org>
To: libc-stable@sourceware.org
Subject: [2.27 COMMITTED] Add NEWS entry for CVE-2020-6096 (bug 25620)
Date: Tue, 17 Nov 2020 00:01:20 +0300 [thread overview]
Message-ID: <20201116210120.GH28063@altlinux.org> (raw)
From: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 17400c4bcd57d84add1da3aa93248ef2efdb0ccb)
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index cf36993718..ca2012de45 100644
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,11 @@ Security related changes:
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
+ CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+ memmove functions has been fixed. Discovered by Jason Royes and Samual
+ Dytrych of the Cisco Security Assessment and Penetration Team (See
+ TALOS-2020-1019).
+
The following bugs are resolved with this release:
[6889] 'PWD' mentioned but not specified
@@ -159,6 +164,7 @@ The following bugs are resolved with this release:
[25232] No const correctness for strchr et al. for Clang++
[25414] 'glob' use-after-free bug (CVE-2020-1752)
[25423] Array overflow in backtrace on powerpc
+ [25620] libc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
\f
Version 2.27
--
ldv
reply other threads:[~2020-11-16 21:01 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201116210120.GH28063@altlinux.org \
--to=ldv@altlinux.org \
--cc=libc-stable@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).