From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= To: libc-stable@sourceware.org Cc: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= Subject: [COMMITTED 2.39 2/2] NEWS: update list of fixed CVEs in 2.39 Date: Sat, 15 Jun 2024 15:24:04 +0200 Message-ID: <20240615132438.2196330-2-dilfridge@gentoo.org> X-Mailer: git-send-email 2.44.2 In-Reply-To: <20240615132438.2196330-1-dilfridge@gentoo.org> References: <20240615132438.2196330-1-dilfridge@gentoo.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-9.5 required=5.0 tests=BAYES_00,GIT_PATCH_0,JMQ_SPF_NEUTRAL,KAM_DMARC_STATUS,KAM_NUMSUBJECT,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Signed-off-by: Andreas K. Hüttel --- NEWS | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/NEWS b/NEWS index eba57af12f..06faac3b1f 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,26 @@ Version 2.39.1 Security related changes: +The following CVEs were fixed in this release: + + GLIBC-SA-2024-0004: + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape + sequence (CVE-2024-2961) + + GLIBC-SA-2024-0005: + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) + + GLIBC-SA-2024-0006: + nscd: Null pointer crash after notfound response (CVE-2024-33600) + + GLIBC-SA-2024-0007: + nscd: netgroup cache may terminate daemon on memory allocation + failure (CVE-2024-33601) + + GLIBC-SA-2024-0008: + nscd: netgroup cache assumes NSS callback uses in-buffer strings + (CVE-2024-33602) + The following bugs are resolved with this release: [19622] network: Support aliasing with struct sockaddr -- 2.44.2
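Review bot: the first added entry (GLIBC-SA-2024-0004) is worded differently from the four nscd entries that follow it. It is phrased as the fix ("fix out-of-bound writes when writing escape sequence") and opens with the charset name ISO-2022-CN-EXT, while the others describe the defect and carry the "nscd:" component prefix. Readers scan this list to decide whether a deployment is affected, so consider prefixing the entry with the affected component and describing the defect in the same style as the nscd lines. The text "fixed in this release" sits under the "Version 2.39.1" heading shown in the hunk header, while the subject says "2.39"; make sure the two agree on which release is meant. The commit message has only a subject and a Signed-off-by; since this is a NEWS-only change, a one-line body saying where the corresponding fixes landed on the branch would make it easier to audit.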