From: Siddhesh Poyarekar
To: libc-stable@sourceware.org
Subject: [committed 2.36] Add NEWS entry for CVE-2022-39046
Date: Tue, 6 Sep 2022 09:40:12 -0400
Message-Id: <20220906134012.637725-1-siddhesh@sourceware.org>

(cherry picked from commit 76fe56020e7ef354685b2284580ac1630c078a2b) --- NEWS | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/NEWS b/NEWS index 757ded85e0..10a7613f09 100644 --- a/NEWS +++ b/NEWS 
@@ -7,6 +7,13 @@ using `glibc' in the "product" field. Version 2.36.1 +Security related changes: + + CVE-2022-39046: When the syslog function is passed a crafted input + string larger than 1024 bytes, it reads uninitialized memory from the + heap and prints it to the target log file, potentially revealing a + portion of the contents of the heap. + The following bugs are resolved with this release: [28846] CMSG_NXTHDR may trigger -Wstrict-overflow warning -- 2.37.2
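Review bot: The new "Security related changes:" entry under Version 2.36.1 names CVE-2022-39046 but carries no Bugzilla number, while the "The following bugs are resolved with this release:" list directly below it identifies fixes by bracketed bug ID (for example "[28846]"). Adding the corresponding bug reference to the CVE paragraph, and listing it among the resolved bugs if it is not already there, would let a reader of the 2.36.1 notes tie the advisory to the fix. The entry also does not say which releases are affected, so someone on an older branch cannot tell from this text whether the syslog over-read with inputs larger than 1024 bytes applies to them; a short "affects versions ..." clause would close that gap.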