Add NEWS entry for CVE-2020-6096 (bug 25620)
Commit Message
---
NEWS | 3 +++
1 file changed, 3 insertions(+)
Comments
* Aurelien Jarno:
> + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> + memmove functions has been fixed.
Should we mention the reporter?
Please also remove the XFAIL added in commit
eca1b233322914d9013f3ee4aabecaadc9245abd. Thanks.
On 7/12/20 4:46 PM, Florian Weimer wrote:
> * Aurelien Jarno:
>
>> + CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
>> + memmove functions has been fixed.
>
> Should we mention the reporter?
>
> Please also remove the XFAIL added in commit
> eca1b233322914d9013f3ee4aabecaadc9245abd. Thanks.
>
Yes, we should mention the reporter. Please and thank you.
The "Credit" in the Talos report says:
~~~
Discovered by Jason Royes of Cisco Security Assessment and Penetration Team.
Discovered by Samuel Dytrych of Cisco Security Assessment and Penetration Team.
~~~
Thus I think it would be good to list:
"Discovered by Jason Royes and Samual Dytrych of the
Cisco Security Assessment and Penetration Team (See TALOS-2020-1019).
If you look here you can see similar credit:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
@@ -159,6 +159,9 @@ Security related changes:
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
+ CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+ memmove functions has been fixed.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by