diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/NEWS b/NEWS index e2931f13c4..8029dab04a 100644 --- a/NEWS +++ b/NEWS @@ -11,10 +11,15 @@ Version 2.18.1 14143, 14155, 14547, 14699, 15532, 15427, 15522, 15680, 15723, 15734, 15735, 15797, 15892, 15895, 15909, 15915, 15917, 15996, 16072, 16150, - 16414, 16430, 16431. + 16414, 16430, 16431, 17325. * Support for powerpc64le has been added. +* Decoding a crafted input sequence in the character sets IBM933, IBM935, + IBM937, IBM939, IBM1364 could result in an out-of-bounds array read, + resulting a denial-of-service security vulnerability in applications which + use functions related to iconv. (CVE-2014-6040) + * CVE-2013-4237 The readdir_r function could write more than NAME_MAX bytes to the d_name member of struct dirent, or omit the terminating NUL character. (Bugzilla #14699). |