From 1e53b88296dc95d325d6073910a33dca851b6bc4 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Sun, 22 Oct 2017 09:29:52 +0200
Subject: [PATCH 5/8] Update NEWS and ChangeLog for CVE-2017-15671

(cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6)
---
 ChangeLog | 1 +
 NEWS      | 5 +++++
 2 files changed, 6 insertions(+)

#diff --git a/ChangeLog b/ChangeLog
#index 756a3cc0f0..01a1e99d83 100644
#--- a/ChangeLog
#+++ b/ChangeLog
#@@ -15,6 +15,7 @@
# 2017-09-08  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
# 
# 	[BZ #1062]
#+	CVE-2017-15671
# 	* posix/Makefile (routines): Add globfree, globfree64, and
# 	glob_pattern_p.
# 	* posix/flexmember.h: New file.
#diff --git a/NEWS b/NEWS
#index 8c10e88ec5..a70d21eb40 100644
#--- a/NEWS
#+++ b/NEWS
#@@ -25,6 +25,11 @@ Security related changes:
#   from a one-byte overflow during ~ operator processing (either on the stack
#   or the heap, depending on the length of the user name).
# 
#+* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
#+  would sometimes fail to free memory allocated during ~ operator
#+  processing, leading to a memory leak and, potentially, to a denial
#+  of service.
#+
# The following bugs are resolved with this release:
# 
#   [20790] Fix rpcgen buffer overrun
#-- 
#2.15.1