diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 8c10e88ec5..a70d21eb40 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,11 @@ Security related changes: from a one-byte overflow during ~ operator processing (either on the stack or the heap, depending on the length of the user name). +* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, + would sometimes fail to free memory allocated during ~ operator + processing, leading to a memory leak and, potentially, to a denial + of service. + The following bugs are resolved with this release: [20790] Fix rpcgen buffer overrun |