author | Allan McRae <allan@archlinux.org> | 2014-06-21 17:23:55 +1000 |
---|---|---|
committer | Allan McRae <allan@archlinux.org> | 2014-06-21 17:23:55 +1000 |
commit | d03efb2f979defd473955a455d66b949961d26b2 (patch) | |
tree | 09f5eb034a05d2551b8b20baef33d91ec8c7546b /NEWS | |
parent | dc9a54f800f4785621ebc54d2c26c7b7a6f2e8a1 (diff) | |
Mention CVE-2014-4043 in NEWS
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 170aed2edb..8d08cd5cd7 100644 --- a/NEWS +++ b/NEWS @@ -54,6 +54,12 @@ Version 2.20 default mutexes are elided via __builtin_tbegin, if the cpu supports transactions. By default lock elision is not enabled and the elision code is not built. + +* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not + copy the path argument. This allowed programs to cause posix_spawn to + deference a dangling pointer, or use an unexpected pathname argument if + the string was modified after the posix_spawn_file_actions_addopen + invocation. Version 2.19 |
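Review bot: The added CVE-2014-4043 entry has a typo in its third line: "deference a dangling pointer" should read "dereference a dangling pointer". The entry also describes only the old behaviour ("did not copy the path argument") while sitting under Version 2.20, so consider stating explicitly whether 2.20 now copies the path, so that a reader can tell the release carries the fix and not just the flaw. A colon after the CVE identifier would also separate it from the sentence that follows.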