Update NEWS and ChangeLog for CVE-2017-15671

author Florian Weimer <fweimer@redhat.com>

Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)

committer Florian Weimer <fweimer@redhat.com>

Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
author Florian Weimer <fweimer@redhat.com>
Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
committer Florian Weimer <fweimer@redhat.com>
Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
diff --git a/ChangeLog b/ChangeLog

index c20121ab1bf843dc4c9fa5bff78f7ff9b0953d4e..bc15aef2baa8bac33712f0d7a2021412f938a5cc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -3965,6 +3965,7 @@
         All uses removed.
  
         [BZ #1062]
+       CVE-2017-15671
         * posix/Makefile (routines): Add globfree, globfree64, and
         glob_pattern_p.
         * posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS

index 0540fd2713d69c2a688eb7842b1a469a5ed1c2ba..c38fb88ac4327bc2103ab3e3c3cc081c7a50aaa4 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
    on the stack or the heap, depending on the length of the user name).
    Reported by Tim Rühsen.
  
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
  The following bugs are resolved with this release:
  
    [The release manager will add the list generated by
author	Florian Weimer <fweimer@redhat.com>
	Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
committer	Florian Weimer <fweimer@redhat.com>
	Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
ChangeLog		patch \| blob \| blame \| history
NEWS		patch \| blob \| blame \| history