This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.19-631-gd03efb2

From: allan at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 21 Jun 2014 07:24:39 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.19-631-gd03efb2

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  d03efb2f979defd473955a455d66b949961d26b2 (commit)
      from  dc9a54f800f4785621ebc54d2c26c7b7a6f2e8a1 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=d03efb2f979defd473955a455d66b949961d26b2

commit d03efb2f979defd473955a455d66b949961d26b2
Author: Allan McRae <allan@archlinux.org>
Date:   Sat Jun 21 17:23:55 2014 +1000

    Mention CVE-2014-4043 in NEWS

diff --git a/ChangeLog b/ChangeLog
index 047fa62..67b7896 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2014-06-21  Allan McRae  <allan@archlinux.org>
+
+	* NEWS: Mention CVE-2014-4043.
+
 2014-06-20  Roland McGrath  <roland@hack.frob.com>
 
 	* nptl/sysdeps/unix/sysv/linux/smp.h: Moved ...
diff --git a/NEWS b/NEWS
index 170aed2..8d08cd5 100644
--- a/NEWS
+++ b/NEWS
@@ -54,6 +54,12 @@ Version 2.20
   default mutexes are elided via __builtin_tbegin, if the cpu supports
   transactions. By default lock elision is not enabled and the elision code
   is not built.
+
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+  copy the path argument.  This allowed programs to cause posix_spawn to
+  deference a dangling pointer, or use an unexpected pathname argument if
+  the string was modified after the posix_spawn_file_actions_addopen
+  invocation.
 
 Version 2.19
 

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    4 ++++
 NEWS      |    6 ++++++
 2 files changed, 10 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]