This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.26-108-g403143e
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 16 Aug 2017 14:47:36 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.26-108-g403143e
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 403143e1df85dadd374f304bd891be0cd7573e3b (commit)
from eedca9772e99c72ab4c3c34e43cc764250aa3e3c (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=403143e1df85dadd374f304bd891be0cd7573e3b
commit 403143e1df85dadd374f304bd891be0cd7573e3b
Author: Florian Weimer <fweimer@redhat.com>
Date: Wed Aug 16 16:47:20 2017 +0200
Add ChangeLog reference to bug 16750/CVE-2009-5064
diff --git a/ChangeLog b/ChangeLog
index 7188d1e..e308ee9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
2017-08-16 Andreas Schwab <schwab@suse.de>
+ [BZ #16750]
+ CVE-2009-5064
* elf/ldd.bash.in: Never run file directly.
2017-08-15 H.J. Lu <hongjiu.lu@intel.com>
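Review bot: The added `[BZ #16750]` and `CVE-2009-5064` lines annotate the existing 2017-08-16 entry for `elf/ldd.bash.in`, but the commit subject names only the ChangeLog while the same commit also replaces the placeholder in the "Security related changes" section of NEWS. Mention NEWS in the subject, or split the NEWS text into its own commit, so that someone searching the log for the CVE announcement finds where the user-visible wording was introduced.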
diff --git a/NEWS b/NEWS
index 484c467..0008df1 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,11 @@ Changes to build and runtime requirements:
Security related changes:
- [Add security related changes here]
+ CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
The following bugs are resolved with this release:
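Review bot: In the added NEWS paragraph, "only trusted binaries must be examined using the ldd script" reads as an obligation to examine trusted binaries rather than a restriction on how ldd is used; wording along the lines of "the ldd script must only be used to examine trusted binaries" states the intended limit unambiguously. The phrase "would sometimes run" also leaves the triggering condition unstated, and the paragraph has no pointer to bug 16750, which the ChangeLog hunk does reference, so a reader of NEWS has no direct path from the CVE to the fix in `elf/ldd.bash.in`.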
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 2 ++
NEWS | 6 +++++-
2 files changed, 7 insertions(+), 1 deletions(-)
hooks/post-receive
--
GNU C Library master sources