From patchwork Fri Dec 1 20:55:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Aurelien Jarno X-Patchwork-Id: 24681 Received: (qmail 81504 invoked by alias); 1 Dec 2017 20:56:07 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 81495 invoked by uid 89); 1 Dec 2017 20:56:06 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-25.7 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_LAZY_DOMAIN_SECURITY, KB_WAM_FROM_NAME_SINGLEWORD, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 spammy=Tim, HContent-Transfer-Encoding:8bit X-HELO: hall.aurel32.net From: Aurelien Jarno To: libc-alpha@sourceware.org Cc: Aurelien Jarno Subject: [COMMITTED] Update NEWS to add CVE-2017-15804 entry Date: Fri, 1 Dec 2017 21:55:53 +0100 Message-Id: <20171201205553.24195-1-aurelien@aurel32.net> MIME-Version: 1.0 --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 48af4acaea..10f695aab1 100644 --- a/NEWS +++ b/NEWS @@ -100,8 +100,8 @@ Security related changes: processing, leading to a memory leak and, potentially, to a denial of service. - The glob function, when invoked with GLOB_TILDE and without - GLOB_NOESCAPE, could write past the end of a buffer while + CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and + without GLOB_NOESCAPE, could write past the end of a buffer while unescaping user names. Reported by Tim Rühsen. The following bugs are resolved with this release: