This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] glob: Fix one-byte overflow [BZ #22320]
* Joseph Myers:
> On Fri, 20 Oct 2017, Florian Weimer wrote:
>
>> I plan to commit this once we have the CVE ID from MITRE.
>
> Commits should not need to wait for CVEs; the NEWS entry for a security
> fix can be updated with the CVE later once available.
Thanks for the reminder. Recent turnaround times from MITRE were
amazingly fast, so I thought I would wait this time. But you are
right, I should commit this now without a CVE ID.