From d81254d2efcb839fd11df2960df5bba579193808 Mon Sep 17 00:00:00 2001 From: Aurelien Jarno <aurelien@aurel32.net> Date: Fri, 1 Dec 2017 21:53:51 +0100 Subject: [PATCH 8/8] Update NEWS to add CVE-2017-15804 entry (cherry picked from commit 15e84c63c05e0652047ba5e738c54d79d62ba74b) --- NEWS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) #diff --git a/NEWS b/NEWS #index 0531dfa9c6..bc32643255 100644 #--- a/NEWS #+++ b/NEWS #@@ -30,8 +30,8 @@ Security related changes: # processing, leading to a memory leak and, potentially, to a denial # of service. # #-* The glob function, when invoked with GLOB_TILDE and without #- GLOB_NOESCAPE, could write past the end of a buffer while #+* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and #+ without GLOB_NOESCAPE, could write past the end of a buffer while # unescaping user names. Reported by Tim Rühsen. # # The following bugs are resolved with this release: #-- #2.15.1