[2/2] NEWS: Add advisories.
Checks
Context |
Check |
Description |
redhat-pt-bot/TryBot-apply_patch |
success
|
Patch applied to master at the time it was sent
|
linaro-tcwg-bot/tcwg_glibc_build--master-arm |
success
|
Testing passed
|
redhat-pt-bot/TryBot-32bit |
success
|
Build for i686
|
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-arm |
success
|
Testing passed
|
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 |
success
|
Testing passed
|
Commit Message
GLIBC-SA-2024-0004:
ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
sequence (CVE-2024-2961)
GLIBC-SA-2024-0005:
nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
GLIBC-SA-2024-0006:
nscd: Avoid null pointer crashes after notfound response
(CVE-2024-33600)
GLIBC-SA-2024-0007:
nscd: netgroup cache may terminate daemon on memory allocation
failure (CVE-2024-33601)
GLIBC-SA-2024-0008:
nscd: netgroup cache assumes NSS callback uses in-buffer strings
(CVE-2024-33602)
---
NEWS | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
Comments
On 2024-05-01 21:58, Carlos O'Donell wrote:
> GLIBC-SA-2024-0004:
> ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
> sequence (CVE-2024-2961)
>
> GLIBC-SA-2024-0005:
> nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
>
> GLIBC-SA-2024-0006:
> nscd: Avoid null pointer crashes after notfound response
> (CVE-2024-33600)
>
> GLIBC-SA-2024-0007:
> nscd: netgroup cache may terminate daemon on memory allocation
> failure (CVE-2024-33601)
>
> GLIBC-SA-2024-0008:
> nscd: netgroup cache assumes NSS callback uses in-buffer strings
> (CVE-2024-33602)
> ---
LGTM.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> NEWS | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/NEWS b/NEWS
> index cf6078cf20..fbec7ec6f2 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -177,6 +177,25 @@ found in the advisories directory of the release tarball:
> GLIBC-SA-2024-0003:
> syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
>
> + GLIBC-SA-2024-0004:
> + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
> + sequence (CVE-2024-2961)
> +
> + GLIBC-SA-2024-0005:
> + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
> +
> + GLIBC-SA-2024-0006:
> + nscd: Avoid null pointer crashes after notfound response
> + (CVE-2024-33600)
> +
> + GLIBC-SA-2024-0007:
> + nscd: netgroup cache may terminate daemon on memory allocation
> + failure (CVE-2024-33601)
> +
> + GLIBC-SA-2024-0008:
> + nscd: netgroup cache assumes NSS callback uses in-buffer strings
> + (CVE-2024-33602)
> +
> The following bugs are resolved with this release:
>
> [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
@@ -177,6 +177,25 @@ found in the advisories directory of the release tarball:
GLIBC-SA-2024-0003:
syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
+ GLIBC-SA-2024-0004:
+ ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+ sequence (CVE-2024-2961)
+
+ GLIBC-SA-2024-0005:
+ nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+ GLIBC-SA-2024-0006:
+ nscd: Avoid null pointer crashes after notfound response
+ (CVE-2024-33600)
+
+ GLIBC-SA-2024-0007:
+ nscd: netgroup cache may terminate daemon on memory allocation
+ failure (CVE-2024-33601)
+
+ GLIBC-SA-2024-0008:
+ nscd: netgroup cache assumes NSS callback uses in-buffer strings
+ (CVE-2024-33602)
+
The following bugs are resolved with this release:
[14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird