This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch release/2.21/master updated. glibc-2.21-2-gc66e8b9

From: fw at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 6 Feb 2015 15:58:12 -0000
Subject: GNU C Library master sources branch release/2.21/master updated. glibc-2.21-2-gc66e8b9

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, release/2.21/master has been updated
       via  c66e8b9e58603e92171cd87f9ad3759304f25255 (commit)
      from  004c993bdd407d589ae3b88e2a012525122f01e2 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c66e8b9e58603e92171cd87f9ad3759304f25255

commit c66e8b9e58603e92171cd87f9ad3759304f25255
Author: Florian Weimer <fweimer@redhat.com>
Date:   Fri Feb 6 16:30:15 2015 +0100

    NEWS: Also mention CVE-2015-1473

diff --git a/NEWS b/NEWS
index 617cdbb..4b07474 100644
--- a/NEWS
+++ b/NEWS
@@ -21,10 +21,11 @@ Version 2.21
   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
   17892.
 
-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
-  memory for the to-be-scanned arguments and overflow the allocated
-  buffer.  The implementation now correctly computes the required buffer
-  size when using malloc.
+* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
+  too little memory for the to-be-scanned arguments and overflow the
+  allocated buffer.  The implementation now correctly computes the required
+  buffer size when using malloc, and switches to malloc from alloca as
+  intended.
 
 * A new semaphore algorithm has been implemented in generic C code for all
   machines. Previous custom assembly implementations of semaphore were

-----------------------------------------------------------------------

Summary of changes:
 NEWS |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]