This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.26.9000-620-g914c999
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 22 Oct 2017 07:30:39 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.26.9000-620-g914c999
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 914c9994d27b80bc3b71c483e801a4f04e269ba6 (commit)
from e80fc1fc98bf614eb01cf8325503df3a1451a99c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=914c9994d27b80bc3b71c483e801a4f04e269ba6
commit 914c9994d27b80bc3b71c483e801a4f04e269ba6
Author: Florian Weimer <fweimer@redhat.com>
Date: Sun Oct 22 09:29:52 2017 +0200
Update NEWS and ChangeLog for CVE-2017-15671
diff --git a/ChangeLog b/ChangeLog
index c20121a..bc15aef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3965,6 +3965,7 @@
All uses removed.
[BZ #1062]
+ CVE-2017-15671
* posix/Makefile (routines): Add globfree, globfree64, and
glob_pattern_p.
* posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS
index 0540fd2..c38fb88 100644
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
+ CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
NEWS | 5 +++++
2 files changed, 6 insertions(+), 0 deletions(-)
hooks/post-receive
--
GNU C Library master sources