This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.29.9000-138-gb626c5a
- From: aurel32 at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 16 Mar 2019 22:24:48 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.29.9000-138-gb626c5a
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via b626c5aa5d0673a9caa48fb79fba8bda237e6fa8 (commit)
from 066ae81ec9b1a5bb8f8b93f4defb089f7b315833 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=b626c5aa5d0673a9caa48fb79fba8bda237e6fa8
commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat Mar 16 22:59:56 2019 +0100
Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]
diff --git a/ChangeLog b/ChangeLog
index ce14d88..f7c9ee5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1576,6 +1576,7 @@
2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
+ CVE-2019-9169
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index f12524d..cdf7b51 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,10 @@ Security related changes:
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
NEWS | 4 ++++
2 files changed, 5 insertions(+), 0 deletions(-)
hooks/post-receive
--
GNU C Library master sources