From patchwork Sat Mar 16 22:24:26 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aurelien Jarno X-Patchwork-Id: 31871 Received: (qmail 24929 invoked by alias); 16 Mar 2019 22:24:56 -0000 Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org Received: (qmail 24919 invoked by uid 89); 16 Mar 2019 22:24:55 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-26.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3 autolearn=ham version=3.3.1 spammy=HX-Languages-Length:980, sk:Address, sk:proceed, overrun X-HELO: hall.aurel32.net From: Aurelien Jarno To: libc-alpha@sourceware.org Cc: Aurelien Jarno Subject: [PATCH COMMITTED] Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114] Date: Sat, 16 Mar 2019 23:24:26 +0100 Message-Id: <20190316222426.28204-1-aurelien@aurel32.net> MIME-Version: 1.0 --- ChangeLog | 1 + NEWS | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ChangeLog b/ChangeLog index ce14d885b26..f7c9ee51adf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1576,6 +1576,7 @@ 2019-01-31 Paul Eggert + CVE-2019-9169 regex: fix read overrun [BZ #24114] Problem found by AddressSanitizer, reported by Hongxu Chen in: https://debbugs.gnu.org/34140 diff --git a/NEWS b/NEWS index f12524dc624..cdf7b51f6d2 100644 --- a/NEWS +++ b/NEWS @@ -46,6 +46,10 @@ Security related changes: memcmp gave the wrong result since it treated the size argument as zero. Reported by H.J. Lu. + CVE-2019-9169: Attempted case-insensitive regular-expression match + via proceed_next_node in posix/regexec.c leads to heap-based buffer + over-read. Reported by Hongxu Chen. + The following bugs are resolved with this release: [The release manager will add the list generated by