From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 16 Aug 2017 14:47:20 +0000 (+0200)
Subject: Add ChangeLog reference to bug 16750/CVE-2009-5064
X-Git-Tag: glibc-2.27~1151
X-Git-Url: https://sourceware.org/git/?a=commitdiff_plain;h=403143e1df85dadd374f304bd891be0cd7573e3b;p=glibc.git

Add ChangeLog reference to bug 16750/CVE-2009-5064
---

diff --git a/ChangeLog b/ChangeLog
index 7188d1ec46..e308ee9fc4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2017-08-16  Andreas Schwab  <schwab@suse.de>
 
+	[BZ #16750]
+	CVE-2009-5064
 	* elf/ldd.bash.in: Never run file directly.
 
 2017-08-15  H.J. Lu  <hongjiu.lu@intel.com>
diff --git a/NEWS b/NEWS
index 484c467569..0008df16c0 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,11 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)
 
 The following bugs are resolved with this release: