diff options
| author | Aurelien Jarno <aurelien@aurel32.net> | 2020-07-12 21:58:43 +0200 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2020-11-16 08:00:00 +0000 |
| commit | daf88b1dd1a41fcb324801c02ead7a8d5aac3851 (patch) | |
| tree | 885609998ec2dd8c5b879f0702e69d0a4b3ff6b0 | |
| parent | b29853702e2ab9c1c73081d8135879fad8509c33 (diff) | |
| download | glibc-daf88b1dd1a41fcb324801c02ead7a8d5aac3851.tar.gz glibc-daf88b1dd1a41fcb324801c02ead7a8d5aac3851.tar.xz glibc-daf88b1dd1a41fcb324801c02ead7a8d5aac3851.zip | |
Add NEWS entry for CVE-2020-6096 (bug 25620)
Reviewed-by: Carlos O'Donell <carlos@redhat.com> (cherry picked from commit 17400c4bcd57d84add1da3aa93248ef2efdb0ccb)
| -rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS index cf36993718..ca2012de45 100644 --- a/NEWS +++ b/NEWS @@ -76,6 +76,11 @@ Security related changes: CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed. + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and + memmove functions has been fixed. Discovered by Jason Royes and Samual + Dytrych of the Cisco Security Assessment and Penetration Team (See + TALOS-2020-1019). + The following bugs are resolved with this release: [6889] 'PWD' mentioned but not specified @@ -159,6 +164,7 @@ The following bugs are resolved with this release: [25232] No const correctness for strchr et al. for Clang++ [25414] 'glob' use-after-free bug (CVE-2020-1752) [25423] Array overflow in backtrace on powerpc + [25620] libc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096) Version 2.27 |