This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.26.9000-1255-g4590634
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 1 Feb 2018 16:17:28 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.26.9000-1255-g4590634
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 4590634fd65162568b9f52fb4beb60aa25da37f2 (commit)
from 673e230560ac874deed6993d8b9ebaf82e73c408 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4590634fd65162568b9f52fb4beb60aa25da37f2
commit 4590634fd65162568b9f52fb4beb60aa25da37f2
Author: Florian Weimer <fweimer@redhat.com>
Date: Thu Feb 1 15:00:44 2018 +0100
Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]
diff --git a/ChangeLog b/ChangeLog
index fdf303a..713af78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -702,6 +702,7 @@
2018-01-18 Arjun Shankar <arjun@redhat.com>
[BZ #22343]
+ CVE-2018-6485
* malloc/malloc.c (checked_request2size): call REQUEST_OUT_OF_RANGE
after padding.
(_int_memalign): check for integer overflow before calling
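Review bot: the added "CVE-2018-6485" line goes under the existing 2018-01-18 entry, so the ChangeLog is amended retroactively and nothing in it records when the CVE identifier was attached. Placing the id directly after "[BZ #22343]" keeps the bug and CVE references together, which is good for anyone grepping for either. Consider saying in the commit message that this is an annotation of the earlier entry and carries no code change, so a backporter reading the log can tell that this commit alone does not bring in the checked_request2size and _int_memalign fix.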
diff --git a/NEWS b/NEWS
index 5c27f5c..70798f6 100644
--- a/NEWS
+++ b/NEWS
@@ -258,6 +258,10 @@ Security related changes:
succeeds without returning an absolute path due to unexpected behaviour
of the Linux kernel getcwd syscall. Reported by halfdog.
+ CVE-2018-6485: The posix_memalign and memalign functions, when called with
+ an object size near the value of SIZE_MAX, would return a pointer to a
+ buffer which is too small, instead of NULL. Reported by Jakub Wilk.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by
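Review bot: the new CVE-2018-6485 paragraph stops at "would return a pointer to a buffer which is too small, instead of NULL" and leaves the consequence for callers implicit. A short clause stating that a caller which trusts the non-NULL result and writes the requested size will write past the end of the allocation would let distributors judge severity from NEWS alone. The paragraph names only posix_memalign and memalign, while the ChangeLog entry locates the fix in checked_request2size and _int_memalign; if other public allocation functions reach those paths, list them here as well, or state that only these two are affected.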
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
NEWS | 4 ++++
2 files changed, 5 insertions(+), 0 deletions(-)
hooks/post-receive
--
GNU C Library master sources