[PATCH] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
Paul Zimmermann
Paul.Zimmermann@inria.fr
Fri Jan 29 16:38:05 GMT 2021
Dear Florian,
> + CVE-2021-3326: An assertion failure during conversion from from the
duplicate "from"
> + qISO-20220-JP-3 character set using the iconv function has been fixed.
> + This assertion wis triggered by certain valid inputs in which the
wis -> was
> + converted output contains a combined sequence of two wide characters
> + crossing a buffer boundary. Reported by Tavis Ormandy.
Paul
More information about the Libc-alpha
mailing list