NEWS entry for CVE-2016-3075

author Florian Weimer <fweimer@redhat.com>

Fri, 29 Apr 2016 08:47:40 +0000 (10:47 +0200)

committer Florian Weimer <fweimer@redhat.com>

Fri, 29 Apr 2016 08:47:40 +0000 (10:47 +0200)
author Florian Weimer <fweimer@redhat.com>
Fri, 29 Apr 2016 08:47:40 +0000 (10:47 +0200)
committer Florian Weimer <fweimer@redhat.com>
Fri, 29 Apr 2016 08:47:40 +0000 (10:47 +0200)
diff --git a/NEWS b/NEWS

index aa6209e5a12fff71718b958146cefbcd01b2afcd..24e13aeafac1c377587725c8b111ff159d5eafa6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,10 @@ Version 2.24
  
  Security related changes:
  
+* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed.  It
+  could result in a stack overflow when getnetbyname was called with an
+  overly long name.  (CVE-2016-3075)
+
  * Previously, getaddrinfo copied large amounts of address data to the stack,
    even after the fix for CVE-2013-4458 has been applied, potentially
    resulting in a stack overflow.  getaddrinfo now uses a heap allocation
author	Florian Weimer <fweimer@redhat.com>
	Fri, 29 Apr 2016 08:47:40 +0000 (10:47 +0200)
committer	Florian Weimer <fweimer@redhat.com>
	Fri, 29 Apr 2016 08:47:40 +0000 (10:47 +0200)