diff options
| author | Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> | 2018-04-19 15:21:54 -0300 |
|---|---|---|
| committer | Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com> | 2018-04-19 15:21:54 -0300 |
| commit | 70ae2309a84496e287d721cf88a1c916c2a2c971 (patch) | |
| tree | db32edc81ee3df28aed67a192a6a0c5def226942 /NEWS | |
| parent | 15a05fafa4d7f94ae5002803ad8384519479469b (diff) | |
| parent | 49a0c33ead1b1eea5b414e9e2574a4fd96291203 (diff) | |
| download | glibc-70ae2309a84496e287d721cf88a1c916c2a2c971.tar.gz glibc-70ae2309a84496e287d721cf88a1c916c2a2c971.tar.xz glibc-70ae2309a84496e287d721cf88a1c916c2a2c971.zip | |
Merge branch 'release/2.22/master' into ibm/2.22/master ibm/2.22/master
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS index db81e9e6b1..f67abd6af0 100644 --- a/NEWS +++ b/NEWS @@ -95,6 +95,15 @@ Version 2.22.1 * CVE-2018-6551: The malloc function, when called with an object size near the value of SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. + +* CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered + from a one-byte overflow during ~ operator processing (either on the stack + or the heap, depending on the length of the user name). + +* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and without + GLOB_NOESCAPE, could write past the end of a buffer while + unescaping user names. Reported by Tim Rühsen. + Version 2.22 |