This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.26-108-g403143e


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  403143e1df85dadd374f304bd891be0cd7573e3b (commit)
      from  eedca9772e99c72ab4c3c34e43cc764250aa3e3c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=403143e1df85dadd374f304bd891be0cd7573e3b

commit 403143e1df85dadd374f304bd891be0cd7573e3b
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed Aug 16 16:47:20 2017 +0200

    Add ChangeLog reference to bug 16750/CVE-2009-5064

diff --git a/ChangeLog b/ChangeLog
index 7188d1e..e308ee9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2017-08-16  Andreas Schwab  <schwab@suse.de>
 
+	[BZ #16750]
+	CVE-2009-5064
 	* elf/ldd.bash.in: Never run file directly.
 
 2017-08-15  H.J. Lu  <hongjiu.lu@intel.com>
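Review bot: The entry text under the new `[BZ #16750]` and `CVE-2009-5064` tags still reads only "Never run file directly", which does not say what ldd does instead of running the file. Now that this entry is the ChangeLog record for a CVE, consider expanding that line, or make sure the NEWS text carries the detail. The two added lines use the same tab indentation as the file line below them, so the entry layout itself looks consistent.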
diff --git a/NEWS b/NEWS
index 484c467..0008df1 100644
--- a/NEWS
+++ b/NEWS
@@ -22,7 +22,11 @@ Changes to build and runtime requirements:
 
 Security related changes:
 
-  [Add security related changes here]
+  CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)
 
 The following bugs are resolved with this release:
 
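Review bot: The new NEWS paragraph says ldd "would sometimes run the program under examination directly" but never states the behaviour after the fix, and it omits the bug number that the ChangeLog hunk pairs with the CVE. Suggest adding a sentence that ldd now never runs the file directly (matching the ChangeLog wording) and a reference to BZ #16750. The parenthetical "only trusted binaries must be examined using the ldd script" also reads ambiguously; something like "the ldd script must only be used on trusted binaries" states the intended restriction more clearly.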

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    2 ++
 NEWS      |    6 +++++-
 2 files changed, 7 insertions(+), 1 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

