This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch release/2.25/master updated. glibc-2.25-77-g17357d9


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.25/master has been updated
       via  17357d93cbf8d71a12530e91ea405cea4adb5ab0 (commit)
      from  8f50b4a4545bf7136c0c568e85e0b4c3f64c4519 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=17357d93cbf8d71a12530e91ea405cea4adb5ab0

commit 17357d93cbf8d71a12530e91ea405cea4adb5ab0
Author: Dmitry V. Levin <ldv@altlinux.org>
Date:   Fri Dec 15 00:30:45 2017 +0000

    NEWS: merge two sections about security related changes in 2.25.1
    
    Commit glibc-2.25-70-g717743bb07471f95bef6ea63d9b12848ad91aaf6
    introduced a second "Security related changes" section for 2.25.1.
    Merge them back into a single section.

diff --git a/NEWS b/NEWS
index 0a8f20e..d047d96 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,10 @@ Security related changes:
 * The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
   to avoid fragmentation-based spoofing attacks.
 
+  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
+  from a one-byte overflow during ~ operator processing (either on the stack
+  or the heap, depending on the length of the user name).
+
   CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
   would sometimes fail to free memory allocated during ~ operator
   processing, leading to a memory leak and, potentially, to a denial
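Review bot: The CVE-2017-15670 paragraph added at new lines 15-17 has no leading "*", while the DNS stub resolver item directly above it does, so this "Security related changes:" section now carries two list styles side by side. The new entry does match the existing CVE-2017-15671 paragraph below it, and placing it first keeps the CVE numbers in ascending order, so the move itself looks right; if the unbulleted form is intentional for CVE entries, leave it, otherwise bullet both CVE paragraphs in a follow-up rather than in this merge-only change.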
@@ -38,13 +42,6 @@ The following bugs are resolved with this release:
   [21778] Robust mutex may deadlock
   [21972] assert macro requires operator== (int) for its argument type
   [22322] libc: [mips64] wrong bits/long-double.h installed
-
-Security related changes:
-
-  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
-  from a one-byte overflow during ~ operator processing (either on the stack
-  or the heap, depending on the length of the user name).
-
 
 Version 2.25
 
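Review bot: After the deletion, the [22322] line is separated from "Version 2.25" by a single blank line, where the old text had the duplicate section plus two blank lines; confirm that one blank line is the spacing NEWS uses between the resolved-bugs list and the next version header. The three removed CVE-2017-15670 lines are word for word the ones added in the first hunk, so no wording is lost by dropping this second "Security related changes:" heading.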

-----------------------------------------------------------------------

Summary of changes:
 NEWS |   11 ++++-------
 1 files changed, 4 insertions(+), 7 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

