diff options
author | Allan McRae <allan@archlinux.org> | 2014-06-21 17:23:55 +1000 |
---|---|---|
committer | Adhemerval Zanella <azanella@linux.vnet.ibm.com> | 2015-01-16 07:07:18 -0500 |
commit | 6b2bd5d9607d2ea6e18e8bf32695322e5ae0ebb4 (patch) | |
tree | 3e2c4a5bfd199cd6c55b2ddf35065d47587773c6 | |
parent | 12565bd6138d6d5c0f6f615c55a2609d000e5ed0 (diff) | |
download | glibc-6b2bd5d9607d2ea6e18e8bf32695322e5ae0ebb4.tar.gz glibc-6b2bd5d9607d2ea6e18e8bf32695322e5ae0ebb4.tar.xz glibc-6b2bd5d9607d2ea6e18e8bf32695322e5ae0ebb4.zip |
Mention CVE-2014-4043 in NEWS
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | NEWS | 6 |
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index e24271c45d..3a38309ee1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2014-06-21 Allan McRae <allan@archlinux.org> + + * NEWS: Mention CVE-2014-4043. + 2014-06-11 Florian Weimer <fweimer@redhat.com> [BZ #17048] diff --git a/NEWS b/NEWS index fa6caeb75a..8fc3cf871d 100644 --- a/NEWS +++ b/NEWS @@ -15,6 +15,12 @@ Version 2.18.1 * Support for powerpc64le has been added. +* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not + copy the path argument. This allowed programs to cause posix_spawn to + deference a dangling pointer, or use an unexpected pathname argument if + the string was modified after the posix_spawn_file_actions_addopen + invocation. + * Locale names, including those obtained from environment variables (LANG and the LC_* variables), are more tightly checked for proper syntax. setlocale will now fail (with EINVAL) for locale names that are overly |