This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.26.9000-1255-g4590634


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  4590634fd65162568b9f52fb4beb60aa25da37f2 (commit)
      from  673e230560ac874deed6993d8b9ebaf82e73c408 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=4590634fd65162568b9f52fb4beb60aa25da37f2

commit 4590634fd65162568b9f52fb4beb60aa25da37f2
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu Feb 1 15:00:44 2018 +0100

    Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]

diff --git a/ChangeLog b/ChangeLog
index fdf303a..713af78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -702,6 +702,7 @@
 2018-01-18  Arjun Shankar  <arjun@redhat.com>
 
 	[BZ #22343]
+	CVE-2018-6485
 	* malloc/malloc.c (checked_request2size): call REQUEST_OUT_OF_RANGE
 	after padding.
 	(_int_memalign): check for integer overflow before calling
diff --git a/NEWS b/NEWS
index 5c27f5c..70798f6 100644
--- a/NEWS
+++ b/NEWS
@@ -258,6 +258,10 @@ Security related changes:
   succeeds without returning an absolute path due to unexpected behaviour
   of the Linux kernel getcwd syscall.  Reported by halfdog.
 
+  CVE-2018-6485: The posix_memalign and memalign functions, when called with
+  an object size near the value of SIZE_MAX, would return a pointer to a
+  buffer which is too small, instead of NULL.  Reported by Jakub Wilk.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
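
Review bot: The added CVE-2018-6485 paragraph in NEWS states only the symptom (a pointer to a too-small buffer instead of NULL) and leaves out both the cause and the bug reference, although the ChangeLog entry for the same fix cites [BZ #22343] and an integer overflow check in _int_memalign. Suggest naming the integer overflow in the sentence and adding the bug number, so a reader of NEWS can match the advisory text to the fix in malloc/malloc.c without going through the ChangeLog.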

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    1 +
 NEWS      |    4 ++++
 2 files changed, 5 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

