Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/NEWS b/NEWS index 4da140db31..7ba8846fcc 100644 --- a/NEWS +++ b/NEWS @@ -7,6 +7,15 @@ using `glibc' in the "product" field. Version 2.37.1 +Security related changes: + + CVE-2023-25139: When the printf family of functions is called with a + format specifier that uses an <apostrophe> (enable grouping) and a + minimum width specifier, the resulting output could be larger than + reasonably expected by a caller that computed a tight bound on the + buffer size. The resulting larger than expected output could result + in a buffer overflow in the printf family of functions. + The following bugs are resolved with this release: [30053] time: strftime %s returns -1 after 2038 on 32 bits systems |
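Review bot: The new CVE-2023-25139 entry under "Security related changes" carries no bug-tracker number, while the resolved-bugs list directly below it uses the "[30053]" form; add the corresponding bug id so the entry can be matched to its fix. The entry also names only "the printf family of functions" without saying which calls are exposed, for example whether the size-bounded variants are affected or only callers that write into a buffer sized from the format's width, and one sentence on that would help readers triage. Minor wording: "The resulting larger than expected output could result in" repeats itself; "This could result in a buffer overflow" reads cleaner.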