[glibc/release/2.27/master] Add NEWS entry for CVE-2020-6096 (bug 25620)
Dmitry Levin
ldv@sourceware.org
Mon Nov 16 20:59:59 GMT 2020
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=daf88b1dd1a41fcb324801c02ead7a8d5aac3851
commit daf88b1dd1a41fcb324801c02ead7a8d5aac3851
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Sun Jul 12 21:58:43 2020 +0200
Add NEWS entry for CVE-2020-6096 (bug 25620)
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 17400c4bcd57d84add1da3aa93248ef2efdb0ccb)
Diff:
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index cf36993718..ca2012de45 100644
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,11 @@ Security related changes:
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
+ CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
+ memmove functions has been fixed. Discovered by Jason Royes and Samual
+ Dytrych of the Cisco Security Assessment and Penetration Team (See
+ TALOS-2020-1019).
+
The following bugs are resolved with this release:
[6889] 'PWD' mentioned but not specified
@@ -159,6 +164,7 @@ The following bugs are resolved with this release:
[25232] No const correctness for strchr et al. for Clang++
[25414] 'glob' use-after-free bug (CVE-2020-1752)
[25423] Array overflow in backtrace on powerpc
+ [25620] libc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
�
Version 2.27
More information about the Glibc-cvs
mailing list