Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/NEWS b/NEWS index 0eb3fb3e7f..976f2ea023 100644 --- a/NEWS +++ b/NEWS @@ -9,8 +9,13 @@ Version 2.20.1 * The following bugs are resolved with this release: - 16009, 16617, 17266, 17370, 17371, 17460, 17485, 17555, 17625, 17630, - 17801. + 16009, 16617, 16618, 17266, 17370, 17371, 17460, 17485, 17555, 17625, + 17630, 17801. + +* CVE-2015-1472 Under certain conditions wscanf can allocate too little + memory for the to-be-scanned arguments and overflow the allocated + buffer. The implementation now correctly computes the required buffer + size when using malloc. * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag under certain input conditions resulting in the execution of a shell for |
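Review bot: The new CVE-2015-1472 entry does not name the bug it corresponds to, although the same hunk adds 16618 to the resolved-bugs list. If 16618 is the report for this overflow, cite it in the entry, for example "(Bug 16618)", so readers can go from the CVE to the report. "Under certain conditions" and "when using malloc" are also vague for a security entry: one clause saying which allocation path computed the size incorrectly would let users judge their exposure. Separately, the unchanged context line directly below reads "CVE-2104-7817". The year looks like a transposition of 2014 and could be corrected in this same NEWS edit.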