From 914c9994d27b80bc3b71c483e801a4f04e269ba6 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Sun, 22 Oct 2017 09:29:52 +0200 Subject: Update NEWS and ChangeLog for CVE-2017-15671 --- ChangeLog | 1 + NEWS | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index c20121ab1b..bc15aef2ba 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3965,6 +3965,7 @@ All uses removed. [BZ #1062] + CVE-2017-15671 * posix/Makefile (routines): Add globfree, globfree64, and glob_pattern_p. * posix/flexmember.h: New file. diff --git a/NEWS b/NEWS index 0540fd2713..c38fb88ac4 100644 --- a/NEWS +++ b/NEWS @@ -77,6 +77,11 @@ Security related changes: on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen. + CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, + would sometimes fail to free memory allocated during ~ operator + processing, leading to a memory leak and, potentially, to a denial + of service. + The following bugs are resolved with this release: [The release manager will add the list generated by -- cgit 1.4.1