This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.26.9000-620-g914c999

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 22 Oct 2017 07:30:39 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.26.9000-620-g914c999

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  914c9994d27b80bc3b71c483e801a4f04e269ba6 (commit)
      from  e80fc1fc98bf614eb01cf8325503df3a1451a99c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=914c9994d27b80bc3b71c483e801a4f04e269ba6

commit 914c9994d27b80bc3b71c483e801a4f04e269ba6
Author: Florian Weimer <fweimer@redhat.com>
Date:   Sun Oct 22 09:29:52 2017 +0200

    Update NEWS and ChangeLog for CVE-2017-15671

diff --git a/ChangeLog b/ChangeLog
index c20121a..bc15aef 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3965,6 +3965,7 @@
 	All uses removed.
 
 	[BZ #1062]
+	CVE-2017-15671
 	* posix/Makefile (routines): Add globfree, globfree64, and
 	glob_pattern_p.
 	* posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS
index 0540fd2..c38fb88 100644
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
   on the stack or the heap, depending on the length of the user name).
   Reported by Tim RÃ¼hsen.
 
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    1 +
 NEWS      |    5 +++++
 2 files changed, 6 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]