diff mbox series

Move NEWS entry for CVE-2020-1751 to the 2.31 section

Message ID	87bljwdmle.fsf@oldenburg2.str.redhat.com
State	Committed
Headers	DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org B8A213857C4C To: libc-alpha@sourceware.org Subject: [PATCH] Move NEWS entry for CVE-2020-1751 to the 2.31 section Date: Fri, 31 Jul 2020 12:07:25 +0200 Message-ID: <87bljwdmle.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Precedence: list From: Florian Weimer via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Florian Weimer <fweimer@redhat.com> Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>
Series	Move NEWS entry for CVE-2020-1751 to the 2.31 section \| Move NEWS entry for CVE-2020-1751 to the 2.31 section

Commit Message

Florian Weimer July 31, 2020, 10:07 a.m. UTC

  It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494
("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
went into glibc 2.31.

---
 NEWS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Carlos O'Donell July 31, 2020, 10:36 a.m. UTC | #1

On 7/31/20 6:07 AM, Florian Weimer via Libc-alpha wrote:
> It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494
> ("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
> went into glibc 2.31.

OK for 2.32.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> ---
>  NEWS | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/NEWS b/NEWS
> index 7fb167e650..85f91b3ecb 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -171,9 +171,6 @@ Security related changes:
>    corruption when they were passed a pseudo-zero argument.  Reported by Guido
>    Vranken / ForAllSecure Mayhem.
>  
> -  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
> -  out-of-bounds write when executed in a signal frame context.
> -
>    CVE-2020-1752: A use-after-free vulnerability in the glob function when
>    expanding ~user has been fixed.
>  
> @@ -325,6 +322,9 @@ Changes to build and runtime requirements:
>  
>  Security related changes:
>  
> +  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
> +  out-of-bounds write when executed in a signal frame context.
> +
>    CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
>    environment variable during program execution after a security
>    transition, allowing local attackers to restrict the possible mapping
>

diff mbox series

Patch

diff --git a/NEWS b/NEWS
index 7fb167e650..85f91b3ecb 100644
--- a/NEWS
+++ b/NEWS
@@ -171,9 +171,6 @@  Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
-  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
-  out-of-bounds write when executed in a signal frame context.
-
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.
 
@@ -325,6 +322,9 @@  Changes to build and runtime requirements:
 
 Security related changes:
 
+  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
+  out-of-bounds write when executed in a signal frame context.
+
   CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
   environment variable during program execution after a security
   transition, allowing local attackers to restrict the possible mapping