[COMMITTED] Add NEWS entry for CVE-2016-6323

Message ID 407b005f-a9cc-3dd9-378c-2a5936eba57a@redhat.com
State Committed

Commit Message

Florian Weimer Aug. 16, 2016, 9:19 a.m. UTC
  Actually as two patches, consolidated here.

Florian
  

Patch

diff --git a/NEWS b/NEWS
index fe9ff1c..aaed9e0 100644
--- a/NEWS
+++ b/NEWS
@@ -34,7 +34,11 @@  Version 2.25
 
 Security related changes:
 
-  [Add security related changes here]
+  On ARM EABI (32-bit), generating a backtrace for execution contexts which
+  have been created with makecontext could fail to terminate due to a
+  missing .cantunwind annotation.  This has been observed to lead to a hang
+  (denial of service) in some Go applications compiled with gccgo.  Reported
+  by Andreas Schwab.  (CVE-2016-6323)
 
 The following bugs are resolved with this release:
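
Review bot: the new entry under "Security related changes" does not say which routine was missing the .cantunwind annotation, and it carries no bug reference next to the CVE, so a reader cannot map CVE-2016-6323 to the actual fix from NEWS alone. Consider naming the affected function and adding the bug number in the closing parenthetical alongside "(CVE-2016-6323)". It would also help to state that only callers that generate a backtrace from a context created with makecontext are exposed, since the hang described for gccgo-compiled Go applications depends on that path being taken.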