diff mbox series

NEWS: Document CVE-2023-25139.

Message ID	20230206153632.2737139-1-carlos@redhat.com
State	Committed
Commit	67c37737ed474d25fd4dc535dfd822c426e6b971
Headers	DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 3E9EA3858D1E To: libc-alpha@sourceware.org, siddhesh@redhat.com Cc: Carlos O'Donell <carlos@redhat.com> Subject: [PATCH] NEWS: Document CVE-2023-25139. Date: Mon, 6 Feb 2023 10:36:32 -0500 Message-Id: <20230206153632.2737139-1-carlos@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true Precedence: list From: Carlos O'Donell via Libc-alpha <libc-alpha@sourceware.org> Reply-To: Carlos O'Donell <carlos@redhat.com> Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
Series	NEWS: Document CVE-2023-25139. \| NEWS: Document CVE-2023-25139.

Checks

Context	Check	Description
dj/TryBot-apply_patch	success	Patch applied to master at the time it was sent
dj/TryBot-32bit	success	Build for i686

Commit Message

Carlos O'Donell Feb. 6, 2023, 3:36 p.m. UTC

  ---
 NEWS | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Siddhesh Poyarekar Feb. 6, 2023, 6:36 p.m. UTC | #1

On Mon, Feb 6, 2023 at 10:36 AM Carlos O'Donell <carlos@redhat.com> wrote:
>
> ---
>  NEWS | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/NEWS b/NEWS
> index b227e72c9c..a7979a9cd3 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -21,7 +21,12 @@ Changes to build and runtime requirements:
>
>  Security related changes:
>
> -  [Add security related changes here]
> +  CVE-2023-25139: When the printf family of functions is called with a
> +  format specifier that uses an <apostrophe> (enable grouping) and a
> +  minimum width specifier, the resulting output could be larger than
> +  reasonably expected by a caller that computed a tight bound on the
> +  buffer size.  The resulting larger than expected output could result
> +  in a buffer overflow in the printf family of functions.
>

LGTM.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>

Carlos O'Donell Feb. 7, 2023, 11:39 p.m. UTC | #2

On 2/6/23 13:36, Siddhesh Poyarekar wrote:
> On Mon, Feb 6, 2023 at 10:36 AM Carlos O'Donell <carlos@redhat.com> wrote:
>>
>> ---
>>  NEWS | 7 ++++++-
>>  1 file changed, 6 insertions(+), 1 deletion(-)
>>
>> diff --git a/NEWS b/NEWS
>> index b227e72c9c..a7979a9cd3 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -21,7 +21,12 @@ Changes to build and runtime requirements:
>>
>>  Security related changes:
>>
>> -  [Add security related changes here]
>> +  CVE-2023-25139: When the printf family of functions is called with a
>> +  format specifier that uses an <apostrophe> (enable grouping) and a
>> +  minimum width specifier, the resulting output could be larger than
>> +  reasonably expected by a caller that computed a tight bound on the
>> +  buffer size.  The resulting larger than expected output could result
>> +  in a buffer overflow in the printf family of functions.
>>
> 
> LGTM.
> 
> Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
> 

Thanks. Pushed. I'm backporting to release/2.37/master right now.

diff mbox series

Patch

diff --git a/NEWS b/NEWS
index b227e72c9c..a7979a9cd3 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,12 @@  Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2023-25139: When the printf family of functions is called with a
+  format specifier that uses an <apostrophe> (enable grouping) and a
+  minimum width specifier, the resulting output could be larger than
+  reasonably expected by a caller that computed a tight bound on the
+  buffer size.  The resulting larger than expected output could result
+  in a buffer overflow in the printf family of functions.
 
 The following bugs are resolved with this release: