[v2,2/2] Add NEWS entry for CVE-2020-6096 (bug 25620)

Message ID 20200713212347.385792-2-aurelien@aurel32.net
State Committed
Headers
Series [v2,1/2] arm: remove string/tst-memmove-overflow XFAIL |

Commit Message

Aurelien Jarno July 13, 2020, 9:23 p.m. UTC
  ---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)
  

Comments

Carlos O'Donell July 15, 2020, 8:52 p.m. UTC | #1
OK for 2.32

Reviewed-by: Carlos O'Donell <carlos@redhat.com

On 7/13/20 5:23 PM, Aurelien Jarno wrote:
> ---
>  NEWS | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/NEWS b/NEWS
> index 81b014a7ee4..5051e804eaf 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -174,6 +174,11 @@ Security related changes:
>    CVE-2020-1752: A use-after-free vulnerability in the glob function when
>    expanding ~user has been fixed.
>  
> +  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> +  memmove functions has been fixed.  Discovered by Jason Royes and Samual
> +  Dytrych of the Cisco Security Assessment and Penetration Team (See
> +  TALOS-2020-1019).
> +
>  The following bugs are resolved with this release:
>  
>    [The release manager will add the list generated by
>
  

Patch

diff --git a/NEWS b/NEWS
index 81b014a7ee4..5051e804eaf 100644
--- a/NEWS
+++ b/NEWS
@@ -174,6 +174,11 @@  Security related changes:
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.
 
+  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+  memmove functions has been fixed.  Discovered by Jason Royes and Samual
+  Dytrych of the Cisco Security Assessment and Penetration Team (See
+  TALOS-2020-1019).
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by