Update NEWS and ChangeLog for CVE-2017-15671

author: Florian Weimer <fweimer@redhat.com> 2017-10-22 09:29:52 +0200
committer: Florian Weimer <fweimer@redhat.com> 2017-10-22 09:29:52 +0200
commit: 914c9994d27b80bc3b71c483e801a4f04e269ba6 (patch)
tree: aec9c5728e95a72b8f57dad2f11dfec906c7e0a5
parent: e80fc1fc98bf614eb01cf8325503df3a1451a99c (diff)
download: glibc-914c9994d27b80bc3b71c483e801a4f04e269ba6.tar.gz
glibc-914c9994d27b80bc3b71c483e801a4f04e269ba6.tar.xz
glibc-914c9994d27b80bc3b71c483e801a4f04e269ba6.zip
2 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index c20121ab1b..bc15aef2ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3965,6 +3965,7 @@
 	All uses removed.
 
 	[BZ #1062]
+	CVE-2017-15671
 	* posix/Makefile (routines): Add globfree, globfree64, and
 	glob_pattern_p.
 	* posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS
index 0540fd2713..c38fb88ac4 100644
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
   on the stack or the heap, depending on the length of the user name).
   Reported by Tim Rühsen.
 
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>	2017-10-22 09:29:52 +0200
committer	Florian Weimer <fweimer@redhat.com>	2017-10-22 09:29:52 +0200
commit	914c9994d27b80bc3b71c483e801a4f04e269ba6 (patch)
tree	aec9c5728e95a72b8f57dad2f11dfec906c7e0a5
parent	e80fc1fc98bf614eb01cf8325503df3a1451a99c (diff)
download	glibc-914c9994d27b80bc3b71c483e801a4f04e269ba6.tar.gz glibc-914c9994d27b80bc3b71c483e801a4f04e269ba6.tar.xz glibc-914c9994d27b80bc3b71c483e801a4f04e269ba6.zip