[COMMITTED 2.26 4/4] Update NEWS to add CVE-2017-15804 entry
Aurelien Jarno
aurelien@aurel32.net
Sun Jan 1 00:00:00 GMT 2017
(cherry picked from commit 15e84c63c05e0652047ba5e738c54d79d62ba74b)
---
NEWS | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 7d3a326d88..61bffe0451 100644
--- a/NEWS
+++ b/NEWS
@@ -35,8 +35,8 @@ Security related changes:
processing, leading to a memory leak and, potentially, to a denial
of service.
- The glob function, when invoked with GLOB_TILDE and without
- GLOB_NOESCAPE, could write past the end of a buffer while
+ CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
+ without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
The following bugs are resolved with this release:
--
2.15.0
More information about the Libc-stable
mailing list