Add NEWS entry for CVE-2020-1752 (bug 25414)

author: Aurelien Jarno <aurelien@aurel32.net> 2020-03-19 22:53:00 +0100
committer: Aurelien Jarno <aurelien@aurel32.net> 2020-03-19 22:53:00 +0100
commit: 39a05214fe14ff722d4d92e697fb71ff15e84e70 (patch)
tree: 07dd6a26f56ae662aa9fc439311ee69846cb5e82 /NEWS
parent: 1c15464ca05f36db5c582856d3770d5e8bde9d61 (diff)
download: glibc-39a05214fe14ff722d4d92e697fb71ff15e84e70.tar.gz
glibc-39a05214fe14ff722d4d92e697fb71ff15e84e70.tar.xz
glibc-39a05214fe14ff722d4d92e697fb71ff15e84e70.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e0379fc53c..68a408a3bc 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+  CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
author	Aurelien Jarno <aurelien@aurel32.net>	2020-03-19 22:53:00 +0100
committer	Aurelien Jarno <aurelien@aurel32.net>	2020-03-19 22:53:00 +0100
commit	39a05214fe14ff722d4d92e697fb71ff15e84e70 (patch)
tree	07dd6a26f56ae662aa9fc439311ee69846cb5e82 /NEWS
parent	1c15464ca05f36db5c582856d3770d5e8bde9d61 (diff)
download	glibc-39a05214fe14ff722d4d92e697fb71ff15e84e70.tar.gz glibc-39a05214fe14ff722d4d92e697fb71ff15e84e70.tar.xz glibc-39a05214fe14ff722d4d92e697fb71ff15e84e70.zip