* [2.27 COMMITTED] Add NEWS entry for CVE-2020-6096 (bug 25620)
@ 2020-11-16 21:01 Dmitry V. Levin
0 siblings, 0 replies; only message in thread
From: Dmitry V. Levin @ 2020-11-16 21:01 UTC (permalink / raw)
To: libc-stable
From: Aurelien Jarno <aurelien@aurel32.net>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 17400c4bcd57d84add1da3aa93248ef2efdb0ccb)
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index cf36993718..ca2012de45 100644
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,11 @@ Security related changes:
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
+ CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+ memmove functions has been fixed. Discovered by Jason Royes and Samual
+ Dytrych of the Cisco Security Assessment and Penetration Team (See
+ TALOS-2020-1019).
+
The following bugs are resolved with this release:
[6889] 'PWD' mentioned but not specified
@@ -159,6 +164,7 @@ The following bugs are resolved with this release:
[25232] No const correctness for strchr et al. for Clang++
[25414] 'glob' use-after-free bug (CVE-2020-1752)
[25423] Array overflow in backtrace on powerpc
+ [25620] libc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
\f
Version 2.27
--
ldv
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2020-11-16 21:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-11-16 21:01 [2.27 COMMITTED] Add NEWS entry for CVE-2020-6096 (bug 25620) Dmitry V. Levin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).