This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH COMMITTED] Update NEWS and ChangeLog for CVE-2017-15671
- From: Florian Weimer <fweimer at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Date: Sun, 22 Oct 2017 09:31:48 +0200
- Subject: [PATCH COMMITTED] Update NEWS and ChangeLog for CVE-2017-15671
- Authentication-results: sourceware.org; auth=none
- Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com
- Authentication-results: ext-mx06.extmail.prod.ext.phx2.redhat.com; spf=fail smtp.mailfrom=fweimer at redhat dot com
- Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com A69083680A
Backporting is still ongoing, and there is already the next bug to fix.
Florian
commit 914c9994d27b80bc3b71c483e801a4f04e269ba6
Author: Florian Weimer <fweimer@redhat.com>
Date: Sun Oct 22 09:29:52 2017 +0200
Update NEWS and ChangeLog for CVE-2017-15671
diff --git a/ChangeLog b/ChangeLog
index c20121ab1b..bc15aef2ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3965,6 +3965,7 @@
All uses removed.
[BZ #1062]
+ CVE-2017-15671
* posix/Makefile (routines): Add globfree, globfree64, and
glob_pattern_p.
* posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS
index 0540fd2713..c38fb88ac4 100644
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
on the stack or the heap, depending on the length of the user name).
Reported by Tim Rühsen.
+ CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+ would sometimes fail to free memory allocated during ~ operator
+ processing, leading to a memory leak and, potentially, to a denial
+ of service.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by