Mention Tim Rühsen as the reporter for CVE-2017-15670

author Florian Weimer <fweimer@redhat.com>

Fri, 20 Oct 2017 17:28:44 +0000 (19:28 +0200)

committer Florian Weimer <fweimer@redhat.com>

Fri, 20 Oct 2017 17:28:44 +0000 (19:28 +0200)
author Florian Weimer <fweimer@redhat.com>
Fri, 20 Oct 2017 17:28:44 +0000 (19:28 +0200)
committer Florian Weimer <fweimer@redhat.com>
Fri, 20 Oct 2017 17:28:44 +0000 (19:28 +0200)
diff --git a/NEWS b/NEWS

index e0e505690bf8f02b4dea98556310972f98045abf..0540fd2713d69c2a688eb7842b1a469a5ed1c2ba 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -72,9 +72,10 @@ Security related changes:
    vulnerability; only trusted binaries must be examined using the ldd
    script.)
  
-  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
-  from a one-byte overflow during ~ operator processing (either on the stack
-  or the heap, depending on the length of the user name).
+  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
+  suffered from a one-byte overflow during ~ operator processing (either
+  on the stack or the heap, depending on the length of the user name).
+  Reported by Tim Rühsen.
  
  The following bugs are resolved with this release:
author	Florian Weimer <fweimer@redhat.com>
	Fri, 20 Oct 2017 17:28:44 +0000 (19:28 +0200)
committer	Florian Weimer <fweimer@redhat.com>
	Fri, 20 Oct 2017 17:28:44 +0000 (19:28 +0200)