This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.27.9000-33-g71aa429
- From: fw at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 6 Feb 2018 08:19:47 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.27.9000-33-g71aa429
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 71aa429b029fdb6f9e65d44050388b51eca460d6 (commit)
from 26c07172cde74617ca7214c93cdcfa75321e6b2b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=71aa429b029fdb6f9e65d44050388b51eca460d6
commit 71aa429b029fdb6f9e65d44050388b51eca460d6
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Feb 6 09:19:03 2018 +0100
Record CVE-2018-6551 in NEWS and ChangeLog [BZ #22774]
diff --git a/ChangeLog b/ChangeLog
index ca221a4..e6e29b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -999,7 +999,9 @@
2018-01-18 Arjun Shankar <arjun@redhat.com>
[BZ #22343]
+ [BZ #22774]
CVE-2018-6485
+ CVE-2018-6551
* malloc/malloc.c (checked_request2size): call REQUEST_OUT_OF_RANGE
after padding.
(_int_memalign): check for integer overflow before calling
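Review bot: The two lines added to the 2018-01-18 entry header leave the pairing of bug numbers and CVE ids implicit. The header now reads as a flat block of [BZ #22343], [BZ #22774], CVE-2018-6485 and CVE-2018-6551, and the change descriptions under it (checked_request2size, _int_memalign) do not say which identifier each one addresses. The commit subject ties CVE-2018-6551 to BZ #22774, so consider placing each CVE directly beside its BZ number, or noting in the entry which function change resolves which report. That lets someone backporting the malloc.c change confirm from the ChangeLog alone that both CVEs are covered.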
diff --git a/NEWS b/NEWS
index 06ae43d..3629944 100644
--- a/NEWS
+++ b/NEWS
@@ -291,6 +291,10 @@ Security related changes:
an object size near the value of SIZE_MAX, would return a pointer to a
buffer which is too small, instead of NULL. Reported by Jakub Wilk.
+ CVE-2018-6551: The malloc function, when called with an object size near
+ the value of SIZE_MAX, would return a pointer to a buffer which is too
+ small, instead of NULL.
+
The following bugs are resolved with this release:
[866] glob: glob should match dangling symlinks
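Review bot: The added CVE-2018-6551 paragraph is nearly word for word the same as the entry directly above it ("an object size near the value of SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL") and carries no bug reference, so a reader has only the function name to tell the two items apart. Suggest citing BZ #22774 from the commit subject in the NEWS text and adding a clause on what distinguishes this issue from the preceding one. The preceding item also ends with a "Reported by" credit that this one omits; confirm the omission is intentional.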
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 2 ++
NEWS | 4 ++++
2 files changed, 6 insertions(+), 0 deletions(-)
hooks/post-receive
--
GNU C Library master sources