[COMMITTED] Update NEWS and ChangeLog for CVE-2017-15671
Commit Message
Backporting is still ongoing, and there is already the next bug to fix.
Florian
commit 914c9994d27b80bc3b71c483e801a4f04e269ba6
Author: Florian Weimer <fweimer@redhat.com>
Date: Sun Oct 22 09:29:52 2017 +0200
Update NEWS and ChangeLog for CVE-2017-15671
@@ -3965,6 +3965,7 @@
All uses removed.
[BZ #1062]
+ CVE-2017-15671
* posix/Makefile (routines): Add globfree, globfree64, and
glob_pattern_p.
* posix/flexmember.h: New file.
@@ -77,6 +77,11 @@ Security related changes:
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
+ CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by