Move NEWS entry for CVE-2020-1751 to the 2.31 section
Commit Message
It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494
("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
went into glibc 2.31.
---
NEWS | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
On 7/31/20 6:07 AM, Florian Weimer via Libc-alpha wrote:
> It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494
> ("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
> went into glibc 2.31.
OK for 2.32.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> ---
> NEWS | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/NEWS b/NEWS
> index 7fb167e650..85f91b3ecb 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -171,9 +171,6 @@ Security related changes:
> corruption when they were passed a pseudo-zero argument. Reported by Guido
> Vranken / ForAllSecure Mayhem.
>
> - CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
> - out-of-bounds write when executed in a signal frame context.
> -
> CVE-2020-1752: A use-after-free vulnerability in the glob function when
> expanding ~user has been fixed.
>
> @@ -325,6 +322,9 @@ Changes to build and runtime requirements:
>
> Security related changes:
>
> + CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
> + out-of-bounds write when executed in a signal frame context.
> +
> CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
> environment variable during program execution after a security
> transition, allowing local attackers to restrict the possible mapping
>
@@ -171,9 +171,6 @@ Security related changes:
corruption when they were passed a pseudo-zero argument. Reported by Guido
Vranken / ForAllSecure Mayhem.
- CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
- out-of-bounds write when executed in a signal frame context.
-
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
@@ -325,6 +322,9 @@ Changes to build and runtime requirements:
Security related changes:
+ CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
+ out-of-bounds write when executed in a signal frame context.
+
CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
environment variable during program execution after a security
transition, allowing local attackers to restrict the possible mapping