diff options
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/NEWS b/NEWS index 62c58b2599..0dbcdbff95 100644 --- a/NEWS +++ b/NEWS @@ -9,10 +9,16 @@ Version 2.19 * The following bugs are resolved with this release: - 13985, 14155, 14699, 15427, 15522, 15531, 15532, 15640, 15736, 15748, - 15749, 15754, 15797, 15844, 15849, 15855, 15856, 15857, 15859, 15867, - 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, - 15921, 15923, 15939, 15963, 15966. + 13985, 14155, 14547, 14699, 15427, 15522, 15531, 15532, 15640, 15736, + 15748, 15749, 15754, 15797, 15844, 15849, 15855, 15856, 15857, 15859, + 15867, 15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, + 15919, 15921, 15923, 15939, 15963, 15966. + +* CVE-2012-4424 The strcoll implementation uses malloc to cache indices and + rules for large collation sequences to optimize multiple passes and falls + back to alloca if malloc fails, resulting in a possible stack overflow. + The implementation now falls back to an uncached collation sequence lookup + if malloc fails. * CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature |