Add NEWS entry for CVE-2016-6323

author: Florian Weimer <fweimer@redhat.com> 2016-08-16 11:15:09 +0200
committer: Florian Weimer <fweimer@redhat.com> 2016-08-16 11:15:09 +0200
commit: 4d047efdbc55b0d68947cde682e5363d16a66294 (patch)
tree: c9a3c2da0e71dbbea7d6b0716d952de3c3cf42bb /NEWS
parent: fc86a87d788596c6d418f0fa79c79fffc6cfd08f (diff)
download: glibc-4d047efdbc55b0d68947cde682e5363d16a66294.tar.gz
glibc-4d047efdbc55b0d68947cde682e5363d16a66294.tar.xz
glibc-4d047efdbc55b0d68947cde682e5363d16a66294.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index fe9ff1c451..aaed9e02cf 100644
--- a/NEWS
+++ b/NEWS
@@ -34,7 +34,11 @@ Version 2.25
 
 Security related changes:
 
-  [Add security related changes here]
+  On ARM EABI (32-bit), generating a backtrace for execution contexts which
+  have been created with makecontext could fail to terminate due to a
+  missing .cantunwind annotation.  This has been observed to lead to a hang
+  (denial of service) in some Go applications compiled with gccgo.  Reported
+  by Andreas Schwab.
 
 The following bugs are resolved with this release:
author	Florian Weimer <fweimer@redhat.com>	2016-08-16 11:15:09 +0200
committer	Florian Weimer <fweimer@redhat.com>	2016-08-16 11:15:09 +0200
commit	4d047efdbc55b0d68947cde682e5363d16a66294 (patch)
tree	c9a3c2da0e71dbbea7d6b0716d952de3c3cf42bb /NEWS
parent	fc86a87d788596c6d418f0fa79c79fffc6cfd08f (diff)
download	glibc-4d047efdbc55b0d68947cde682e5363d16a66294.tar.gz glibc-4d047efdbc55b0d68947cde682e5363d16a66294.tar.xz glibc-4d047efdbc55b0d68947cde682e5363d16a66294.zip