This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.29.9000-138-gb626c5a

From: aurel32 at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 16 Mar 2019 22:24:48 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.29.9000-138-gb626c5a

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  b626c5aa5d0673a9caa48fb79fba8bda237e6fa8 (commit)
      from  066ae81ec9b1a5bb8f8b93f4defb089f7b315833 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b626c5aa5d0673a9caa48fb79fba8bda237e6fa8

commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Mar 16 22:59:56 2019 +0100

    Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

diff --git a/ChangeLog b/ChangeLog
index ce14d88..f7c9ee5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1576,6 +1576,7 @@
 
 2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
 
+	CVE-2019-9169
 	regex: fix read overrun [BZ #24114]
 	Problem found by AddressSanitizer, reported by Hongxu Chen in:
 	https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index f12524d..cdf7b51 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,10 @@ Security related changes:
   memcmp gave the wrong result since it treated the size argument as
   zero.  Reported by H.J. Lu.
 
+  CVE-2019-9169: Attempted case-insensitive regular-expression match
+  via proceed_next_node in posix/regexec.c leads to heap-based buffer
+  over-read.  Reported by Hongxu Chen.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    1 +
 NEWS      |    4 ++++
 2 files changed, 5 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]