[PATCH v2] NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
Florian Weimer
fweimer@redhat.com
Fri Jan 29 16:41:13 GMT 2021
---
v2: fix the typos Paul Zimmermann reported
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index 6521a4f5b7..0d589f9f6e 100644
--- a/NEWS
+++ b/NEWS
@@ -102,6 +102,12 @@ Changes to build and runtime requirements:
Security related changes:
+ CVE-2021-3326: An assertion failure during conversion from the
+ qISO-20220-JP-3 character set using the iconv function has been fixed.
+ This assertion was triggered by certain valid inputs in which the
+ converted output contains a combined sequence of two wide characters
+ crossing a buffer boundary. Reported by Tavis Ormandy.
+
CVE-2020-27618: An infinite loop has been fixed in the iconv program when
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
More information about the Libc-alpha
mailing list