From patchwork Wed Mar 18 14:10:16 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Aurelien Jarno <aurelien@aurel32.net>
X-Patchwork-Id: 38573
Return-Path: <aurelien@aurel32.net>
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from hall.aurel32.net (hall.aurel32.net [IPv6:2001:bc8:30d7:100::1])
 by sourceware.org (Postfix) with ESMTPS id C74433942020
 for <libc-alpha@sourceware.org>; Wed, 18 Mar 2020 14:10:24 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org C74433942020
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=aurel32.net
Authentication-Results: sourceware.org;
 spf=none smtp.mailfrom=aurelien@aurel32.net
Received: from [2a01:e35:2fdd:a4e1:fe91:fc89:bc43:b814] (helo=ohm.rr44.fr)
 by hall.aurel32.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.92) (envelope-from <aurelien@aurel32.net>)
 id 1jEZOp-0000MJ-BO; Wed, 18 Mar 2020 15:10:23 +0100
Received: from aurel32 by ohm.rr44.fr with local (Exim 4.93)
 (envelope-from <aurelien@aurel32.net>)
 id 1jEZOn-001R80-EX; Wed, 18 Mar 2020 15:10:21 +0100
From: Aurelien Jarno <aurelien@aurel32.net>
To: libc-alpha@sourceware.org
Cc: Andreas Schwab <schwab@suse.de>,
	Aurelien Jarno <aurelien@aurel32.net>
Subject: [PATCH] Add NEWS entry for CVE-2020-1752 (bug 25414)
Date: Wed, 18 Mar 2020 15:10:16 +0100
Message-Id: <20200318141016.342567-1-aurelien@aurel32.net>
X-Mailer: git-send-email 2.24.1
MIME-Version: 1.0
X-Spam-Status: No, score=-24.7 required=5.0 tests=GIT_PATCH_0, GIT_PATCH_1,
 GIT_PATCH_2, GIT_PATCH_3, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY,
 RCVD_IN_DNSWL_LOW, SPF_HELO_PASS,
 SPF_NONE autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <http://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Mar 2020 14:10:25 -0000

---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

diff --git a/NEWS b/NEWS
index e0379fc53c1..68a408a3bc6 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@ Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+  CVE-2020-1752: A use-after-free vulnerability in the glob function when
+  expanding ~user has been fixed.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by