diff mbox series

Add NEWS entry for CVE-2020-1751 (bug 25423)

Message ID	20200324150601.2905754-1-aurelien@aurel32.net
State	Committed
Headers	DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org AB08C385C017 From: Aurelien Jarno <aurelien@aurel32.net> To: libc-alpha@sourceware.org Cc: Andreas Schwab <schwab@suse.de>, Aurelien Jarno <aurelien@aurel32.net> Subject: [PATCH] Add NEWS entry for CVE-2020-1751 (bug 25423) Date: Tue, 24 Mar 2020 16:06:01 +0100 Message-Id: <20200324150601.2905754-1-aurelien@aurel32.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list
Series	Add NEWS entry for CVE-2020-1751 (bug 25423) \| Add NEWS entry for CVE-2020-1751 (bug 25423)

Commit Message

Aurelien Jarno March 24, 2020, 3:06 p.m. UTC

  ---
 NEWS | 3 +++
 1 file changed, 3 insertions(+)

Comments

Carlos O'Donell March 24, 2020, 4:48 p.m. UTC | #1

On 3/24/20 11:06 AM, Aurelien Jarno wrote:
> ---
>  NEWS | 3 +++
>  1 file changed, 3 insertions(+)
> 

OK with suggested text.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

> diff --git a/NEWS b/NEWS
> index 68a408a3bc6..0b1a6b43683 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -25,6 +25,9 @@ Security related changes:
>    corruption when they were passed a pseudo-zero argument.  Reported by Guido
>    Vranken / ForAllSecure Mayhem.
>  
> +  CVE-2020-1751: When unwinding through a signal frame the backtrace function
> +  on PowerPC didn't check array bounds when storing the frame address.

I want cause + consequence text for CVEs.

Suggesting: 

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
out-of-bounds write when executed in a signal frame context.

> +
>    CVE-2020-1752: A use-after-free vulnerability in the glob function when
>    expanding ~user has been fixed.
>  
>

Aurelien Jarno March 24, 2020, 9:52 p.m. UTC | #2

On 2020-03-24 12:48, Carlos O'Donell wrote:
> On 3/24/20 11:06 AM, Aurelien Jarno wrote:
> > ---
> >  NEWS | 3 +++
> >  1 file changed, 3 insertions(+)
> > 
> 
> OK with suggested text.
> 
> Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> 
> > diff --git a/NEWS b/NEWS
> > index 68a408a3bc6..0b1a6b43683 100644
> > --- a/NEWS
> > +++ b/NEWS
> > @@ -25,6 +25,9 @@ Security related changes:
> >    corruption when they were passed a pseudo-zero argument.  Reported by Guido
> >    Vranken / ForAllSecure Mayhem.
> >  
> > +  CVE-2020-1751: When unwinding through a signal frame the backtrace function
> > +  on PowerPC didn't check array bounds when storing the frame address.
> 
> I want cause + consequence text for CVEs.
> 
> Suggesting: 
> 
> CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
> out-of-bounds write when executed in a signal frame context.
> 

Thanks for the review and the suggestion. I have just committed it with
the suggested text.

Cheers,
Aurelien

diff mbox series

Patch

diff --git a/NEWS b/NEWS
index 68a408a3bc6..0b1a6b43683 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,9 @@  Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
+  CVE-2020-1751: When unwinding through a signal frame the backtrace function
+  on PowerPC didn't check array bounds when storing the frame address.
+
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.