diff options
author | Dmitry V. Levin <ldv@altlinux.org> | 2022-10-04 08:00:00 +0000 |
---|---|---|
committer | Dmitry V. Levin <ldv@altlinux.org> | 2022-10-04 08:00:00 +0000 |
commit | cdf5ee727d831c0bd21b54da83ca9b03e77cead0 (patch) | |
tree | 895f22a64f975b00fa1b36631f97eec20df80e01 | |
parent | aa510aa2767b9aff0401a62718e2cf93f745fb0d (diff) | |
download | glibc-cdf5ee727d831c0bd21b54da83ca9b03e77cead0.tar.gz glibc-cdf5ee727d831c0bd21b54da83ca9b03e77cead0.tar.xz glibc-cdf5ee727d831c0bd21b54da83ca9b03e77cead0.zip |
NEWS: Mention CVE-2021-35942
Add a NEWS entry for the fix that was backported by commit 27e892f6608e9d0da71884bb1422a735f6062850.
-rw-r--r-- | NEWS | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 7bd476deb6..078891a5a4 100644 --- a/NEWS +++ b/NEWS @@ -31,6 +31,10 @@ Security related changes: issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask. + CVE-2021-35942: The wordexp function may overflow the positional + parameter number when processing the expansion resulting in a crash. + Reported by Philippe Antoine. + The following bugs are resolved with this release: [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT |