sourceware.org Git - glibc.git/commitdiff
Add ChangeLog reference to bug 16750/CVE-2009-5064
author Florian Weimer <fweimer@redhat.com>
Wed, 16 Aug 2017 14:47:20 +0000 (16:47 +0200)
committer Florian Weimer <fweimer@redhat.com>
Wed, 16 Aug 2017 14:47:20 +0000 (16:47 +0200)
ChangeLog
NEWS

index 7188d1ec461424ac1980813c70b3bd289092f547..e308ee9fc44a8f0800717eca8bf0df2461cae4ce 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2017-08-16  Andreas Schwab  <schwab@suse.de>
 
+       [BZ #16750]
+       CVE-2009-5064
        * elf/ldd.bash.in: Never run file directly.
 
 2017-08-15  H.J. Lu  <hongjiu.lu@intel.com>
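Review bot: the new [BZ #16750] and CVE-2009-5064 tags sit on an entry whose only text is "* elf/ldd.bash.in: Never run file directly.", so a reader who follows the CVE reference here learns what ldd stopped doing but not what it does instead. Consider extending the entry text with the replacement behaviour so it can be read without opening the script's diff. The tag placement itself, above the file line and inside the existing 2017-08-16 entry, matches the surrounding layout.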
diff --git a/NEWS b/NEWS
index 484c46756995fab6c1580136d1f0dc0e20b1de87..0008df16c0fe6c2ba54a36986e6633e8be3cb6d7 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,11 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)
 
 The following bugs are resolved with this release:
 
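Review bot: the parenthetical "only trusted binaries must be examined using the ldd script" is ambiguous and can be read as an obligation to examine trusted binaries. Wording such as "the ldd script must only be used on trusted binaries" puts the restriction on ldd, which is the point. The clause "without preventing code execution through the dynamic linker" is also hard to parse and would be clearer if it said how the program was run. Since the note says the project disputes the CVE, it would help to say explicitly whether the trusted-binaries restriction still applies after this change, because the sentence before it is in the past tense and readers may take the fix as making ldd safe on untrusted input. The entry also omits the bug number that the ChangeLog hunk records as [BZ #16750], and the visible context does not show it being added under "The following bugs are resolved with this release:".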