From 391d9041f01282d243e7d3cbd272dffea5f2313c Mon Sep 17 00:00:00 2001 From: =?utf8?q?Andreas=20K=2E=20H=C3=BCttel?= Date: Sat, 20 Jul 2024 18:55:07 +0200 Subject: [PATCH] NEWS: add fixed security advisories list MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Andreas K. Hüttel --- NEWS | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index a014472772..ae06f17661 100644 --- a/NEWS +++ b/NEWS @@ -71,8 +71,23 @@ Security related changes: The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball: - [The release manager will add the list generated by - scripts/process-advisories.sh just before the release.] + GLIBC-SA-2024-0004: + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape + sequence (CVE-2024-2961) + + GLIBC-SA-2024-0005: + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) + + GLIBC-SA-2024-0006: + nscd: Null pointer crash after notfound response (CVE-2024-33600) + + GLIBC-SA-2024-0007: + nscd: netgroup cache may terminate daemon on memory allocation + failure (CVE-2024-33601) + + GLIBC-SA-2024-0008: + nscd: netgroup cache assumes NSS callback uses in-buffer strings + (CVE-2024-33602) The following bugs are resolved with this release: -- 2.43.5