diff options
author | Allan McRae <allan@archlinux.org> | 2014-06-21 17:23:55 +1000 |
---|---|---|
committer | Adhemerval Zanella <azanella@linux.vnet.ibm.com> | 2015-01-16 07:49:14 -0500 |
commit | 5cefe3fc8f35b50eb84cbb740268539a40651173 (patch) | |
tree | 28951f49360f3f372a8c5a5125da97a3ff485995 | |
parent | eece504424b59a1d8de7b4da9c64e24acaa6fbe0 (diff) | |
download | glibc-5cefe3fc8f35b50eb84cbb740268539a40651173.tar.gz glibc-5cefe3fc8f35b50eb84cbb740268539a40651173.tar.xz glibc-5cefe3fc8f35b50eb84cbb740268539a40651173.zip |
Mention CVE-2014-4043 in NEWS
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 45675f296e..b399a9b143 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-06-21 Allan McRae <allan@archlinux.org> + + * NEWS: Mention CVE-2014-4043. + 2014-06-11 Florian Weimer <fweimer@redhat.com> [BZ #17048] diff --git a/NEWS b/NEWS index b6d603aeb8..7aa51f1559 100644 --- a/NEWS +++ b/NEWS @@ -32,6 +32,12 @@ Version 2.19.1 silently replaced with the "C" locale when running in AT_SECURE mode (e.g., in a SUID program). This is no longer necessary because of the additional checks. + +* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not + copy the path argument. This allowed programs to cause posix_spawn to + deference a dangling pointer, or use an unexpected pathname argument if + the string was modified after the posix_spawn_file_actions_addopen + invocation. Version 2.19 |