This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch release/2.25/master updated. glibc-2.25-77-g17357d9
- From: ldv at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 15 Dec 2017 13:07:52 -0000
- Subject: GNU C Library master sources branch release/2.25/master updated. glibc-2.25-77-g17357d9
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.25/master has been updated
via 17357d93cbf8d71a12530e91ea405cea4adb5ab0 (commit)
from 8f50b4a4545bf7136c0c568e85e0b4c3f64c4519 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=17357d93cbf8d71a12530e91ea405cea4adb5ab0
commit 17357d93cbf8d71a12530e91ea405cea4adb5ab0
Author: Dmitry V. Levin <ldv@altlinux.org>
Date: Fri Dec 15 00:30:45 2017 +0000
NEWS: merge two sections about security related changes in 2.25.1
Commit glibc-2.25-70-g717743bb07471f95bef6ea63d9b12848ad91aaf6
introduced a second "Security related changes" section for 2.25.1.
Merge them back into a single section.
diff --git a/NEWS b/NEWS
index 0a8f20e..d047d96 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ Security related changes:
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
to avoid fragmentation-based spoofing attacks.
+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
+ from a one-byte overflow during ~ operator processing (either on the stack
+ or the heap, depending on the length of the user name).
+
CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
would sometimes fail to free memory allocated during ~ operator
processing, leading to a memory leak and, potentially, to a denial
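Review bot: the CVE-2017-15670 entry placed above CVE-2017-15671 states no consequence for the one-byte overflow, while the CVE-2017-15671 entry directly below it spells out its impact ("leading to a memory leak and, potentially, to a denial ..."). The three added lines match the text deleted in the second hunk word for word, which is right for a merge-only commit. A follow-up could add an impact clause to the 15670 entry so the two glob/GLOB_TILDE items read consistently. The placement itself keeps the CVE list in ascending order.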
@@ -38,13 +42,6 @@ The following bugs are resolved with this release:
[21778] Robust mutex may deadlock
[21972] assert macro requires operator== (int) for its argument type
[22322] libc: [mips64] wrong bits/long-double.h installed
-
-Security related changes:
-
- CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
- from a one-byte overflow during ~ operator processing (either on the stack
- or the heap, depending on the length of the user name).
-
Version 2.25
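Review bot: check the spacing left between the "[22322]" bug entry and the "Version 2.25" heading, because this hunk deletes the blank lines on both sides of the duplicate "Security related changes:" section (the lone "-" lines before the heading and after the CVE text). The result should match the separation used between the bug list and the next version heading elsewhere in NEWS. The removed section held only the CVE-2017-15670 entry, which the first hunk re-adds unchanged, so no NEWS content is dropped.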
-----------------------------------------------------------------------
Summary of changes:
NEWS | 11 ++++-------
1 files changed, 4 insertions(+), 7 deletions(-)
hooks/post-receive
--
GNU C Library master sources