From patchwork Tue Aug 16 09:19:00 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Weimer X-Patchwork-Id: 14601 Received: (qmail 64141 invoked by alias); 16 Aug 2016 09:19:05 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 64129 invoked by uid 89); 16 Aug 2016 09:19:04 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=BAYES_00, RP_MATCHES_RCVD, SPF_HELO_PASS autolearn=ham version=3.3.2 spammy=denial, consolidated, news X-HELO: mx1.redhat.com To: GNU C Library From: Florian Weimer Subject: [PATCH COMMITTED] Add NEWS entry for CVE-2016-6323 Message-ID: <407b005f-a9cc-3dd9-378c-2a5936eba57a@redhat.com> Date: Tue, 16 Aug 2016 11:19:00 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 Actually as two patches, consolidated here. Florian diff --git a/NEWS b/NEWS index fe9ff1c..aaed9e0 100644 --- a/NEWS +++ b/NEWS @@ -34,7 +34,11 @@ Version 2.25 Security related changes: - [Add security related changes here] + On ARM EABI (32-bit), generating a backtrace for execution contexts which + have been created with makecontext could fail to terminate due to a + missing .cantunwind annotation. This has been observed to lead to a hang + (denial of service) in some Go applications compiled with gccgo. Reported + by Andreas Schwab. (CVE-2016-6323) The following bugs are resolved with this release:
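Review bot: the paragraph added under "Security related changes" describes the failure and its impact but does not tie the CVE to a tracked fix. It ends at "(CVE-2016-6323)" with no bug reference, although the next context line opens the "The following bugs are resolved with this release:" list. Consider putting the corresponding bug number next to the CVE id so that distributors backporting the fix can map one to the other. Two smaller wording points in the same paragraph: "generating a backtrace" does not name the interface that callers use, which makes it harder for a reader to judge exposure, and "could fail to terminate" reads more clearly if it says outright that the unwinder loops, since the following sentence already calls the result a hang.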