From patchwork Fri Mar 13 21:30:25 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aurelien Jarno <aurelien@aurel32.net>
X-Patchwork-Id: 38562
Return-Path: <aurelien@aurel32.net>
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1])
 by sourceware.org (Postfix) with ESMTPS id 3FBE43AAA07F
 for <libc-alpha@sourceware.org>; Fri, 13 Mar 2020 21:31:02 +0000 (GMT)
Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr)
 by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <aurelien@aurel32.net>)
 id 1jCrtU-0005ou-G5; Fri, 13 Mar 2020 22:31:00 +0100
Received: from aurel32 by ohm.rr44.fr with local (Exim 4.93)
 (envelope-from <aurelien@aurel32.net>)
 id 1jCrtT-003e9p-Tc; Fri, 13 Mar 2020 22:30:59 +0100
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-alpha@sourceware.org
Cc: Andreas Schwab <schwab@suse.de>,
	Aurelien Jarno <aurelien@aurel32.net>
Subject: [PATCH] Add NEWS entry for CVE-2020-1752 (bug 25414)
Date: Fri, 13 Mar 2020 22:30:25 +0100
Message-Id: <20200313213025.869274-1-aurelien@aurel32.net>
X-Mailer: git-send-email 2.24.1
MIME-Version: 1.0
X-Spam-Status: No, score=-25.7 required=5.0 tests=GIT_PATCH_0, GIT_PATCH_1,
 GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS,
 SPF_NONE autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <http://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Mar 2020 21:31:03 -0000

---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

Bug 25414 got attributed a CVE entry. Here is a patch to add an entry
NEWS.

diff --git a/NEWS b/NEWS
index e0379fc53c1..68a408a3bc6 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+  CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by