diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS index d047d96e76..c0596ae5f2 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,11 @@ Security related changes: without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen. + CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads + to the allocation of too much memory. (This is not a security bug per se, + it is mentioned here only because of the CVE assignment.) Reported by + Qualys. + The following bugs are resolved with this release: [20257] sunrpc: clntudp_call does not enforce timeout when receiving data |