This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.23-272-gf5b3338
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 29 Apr 2016 08:48:00 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.23-272-gf5b3338
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via f5b3338d70a7a2c626331ac4589b6deb2f610432 (commit)
from 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=f5b3338d70a7a2c626331ac4589b6deb2f610432
commit f5b3338d70a7a2c626331ac4589b6deb2f610432
Author: Florian Weimer <fweimer@redhat.com>
Date: Fri Apr 29 10:47:40 2016 +0200
NEWS entry for CVE-2016-3075
diff --git a/NEWS b/NEWS
index aa6209e..24e13ae 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,10 @@ Version 2.24
Security related changes:
+* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It
+ could result in a stack overflow when getnetbyname was called with an
+ overly long name. (CVE-2016-3075)
+
* Previously, getaddrinfo copied large amounts of address data to the stack,
even after the fix for CVE-2013-4458 has been applied, potentially
resulting in a stack overflow. getaddrinfo now uses a heap allocation
-----------------------------------------------------------------------
Summary of changes:
NEWS | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
hooks/post-receive
--
GNU C Library master sources