diff options
author | Allan McRae <allan@archlinux.org> | 2014-06-21 17:23:55 +1000 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2014-09-05 22:44:07 +1000 |
commit | 29fd33140d964e0e08207ceecbf479b85658fcb8 (patch) | |
tree | fbbeac5dd6274191e885bd2ea582e84f0ee2b9d2 | |
parent | 8ec14bdc9c600cc273b242ebca6566fe15de107d (diff) | |
download | glibc-29fd33140d964e0e08207ceecbf479b85658fcb8.tar.gz glibc-29fd33140d964e0e08207ceecbf479b85658fcb8.tar.xz glibc-29fd33140d964e0e08207ceecbf479b85658fcb8.zip |
Mention CVE-2014-4043 in NEWS
(cherry picked from commit d03efb2f979defd473955a455d66b949961d26b2) Conflicts: NEWS
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 658bec91d3..cbabc37eb5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-06-21 Allan McRae <allan@archlinux.org> + + * NEWS: Mention CVE-2014-4043. + 2014-06-12 Stefan Liebler <stli@linux.vnet.ibm.com> * posix/spawn_faction_addopen.c: Include string.h. diff --git a/NEWS b/NEWS index 9539294289..4a51ac6b9a 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,12 @@ Version 2.19.1 * The following bugs are resolved with this release: 16545, 16623, 16882, 16885, 16916, 16943, 16958, 17048. + +* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not + copy the path argument. This allowed programs to cause posix_spawn to + deference a dangling pointer, or use an unexpected pathname argument if + the string was modified after the posix_spawn_file_actions_addopen + invocation. Version 2.19 |