From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1]) by sourceware.org (Postfix) with ESMTPS id D40AA38618E2; Sun, 3 Jan 2021 13:47:45 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org D40AA38618E2 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=aurel32.net Authentication-Results: sourceware.org; spf=none smtp.mailfrom=aurelien@aurel32.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=aurel32.net ; s=202004.hall; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Content-Type:From:Reply-To: Subject:Content-ID:Content-Description:X-Debbugs-Cc; bh=Lk70UxcHnKLtnWpu2yEMIWXPm3u6w3nOe+JWBGfvIlg=; b=f/QLyz9ahwy8Nt4FDXI045PQU5 3Qn9svjcBedQXlJ5V+6CVy4fCDwLvuqUn3RsJHo6ibbi16YLe/zyQdxY8FT9Nq+J7GIuytyISK79L ft2IFiHD+5r9pw9p6CgoqN5e0yALtsik2wHM5fUIl5CG35OBG3WwfwA1ihekgwyP4ak6VkaPMizrg Cv53Aj5RuxTRTsI7yb1BGZm3zhEm/iIa8dwv1AIZO9HxC6aWWtt2sZuxZT1QPaTu8W2Via5UD/Z1k jI0krx1NgJKLkY/s6FwxZoMGD2bia5Zj2GinoGYiKZGkppi3jVFuER/YlCb8pPfDdVD3+/YG9x1Y9 8nODmeuA==; Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr) by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kw3jU-0006oc-Nm; Sun, 03 Jan 2021 14:47:44 +0100 Received: from aurel32 by ohm.rr44.fr with local (Exim 4.94) (envelope-from ) id 1kw3jU-009Wlu-2F; Sun, 03 Jan 2021 14:47:44 +0100 From: Aurelien Jarno To: libc-stable@sourceware.org Cc: Siddhesh Poyarekar Subject: [2.31 COMMITTED 2/2] Add NEWS entry for CVE-2020-29562 (BZ #26923) Date: Sun, 3 Jan 2021 14:47:32 +0100 Message-Id: <20210103134732.2268023-2-aurelien@aurel32.net> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20210103134732.2268023-1-aurelien@aurel32.net> References: <20210103134732.2268023-1-aurelien@aurel32.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-12.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_PASS, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-stable@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-stable mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 03 Jan 2021 13:47:47 -0000 From: Siddhesh Poyarekar BZ #26923 now has a CVE entry, so add a NEWS entry for it. (cherry picked from commit 38a9e93cb1c58e3c899d638480e6d6e42af8e6fc) --- NEWS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/NEWS b/NEWS index de847c9ae5..9e514f5af1 100644 --- a/NEWS +++ b/NEWS @@ -58,6 +58,9 @@ Security related changes: CVE-2020-27618: An infinite loop has been fixed in the iconv program when invoked with input containing redundant shift sequences in the IBM1364, IBM1371, IBM1388, IBM1390, or IBM1399 character sets. + + CVE-2020-29562: An assertion failure has been fixed in the iconv function + when invoked with UCS4 input containing an invalid character. Version 2.31 -- 2.29.2