From 1e53b88296dc95d325d6073910a33dca851b6bc4 Mon Sep 17 00:00:00 2001 From: Florian Weimer <fweimer@redhat.com> Date: Sun, 22 Oct 2017 09:29:52 +0200 Subject: [PATCH 5/8] Update NEWS and ChangeLog for CVE-2017-15671 (cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6) --- ChangeLog | 1 + NEWS | 5 +++++ 2 files changed, 6 insertions(+) #diff --git a/ChangeLog b/ChangeLog #index 756a3cc0f0..01a1e99d83 100644 #--- a/ChangeLog #+++ b/ChangeLog #@@ -15,6 +15,7 @@ # 2017-09-08 Adhemerval Zanella <adhemerval.zanella@linaro.org> # # [BZ #1062] #+ CVE-2017-15671 # * posix/Makefile (routines): Add globfree, globfree64, and # glob_pattern_p. # * posix/flexmember.h: New file. #diff --git a/NEWS b/NEWS #index 8c10e88ec5..a70d21eb40 100644 #--- a/NEWS #+++ b/NEWS #@@ -25,6 +25,11 @@ Security related changes: # from a one-byte overflow during ~ operator processing (either on the stack # or the heap, depending on the length of the user name). # #+* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, #+ would sometimes fail to free memory allocated during ~ operator #+ processing, leading to a memory leak and, potentially, to a denial #+ of service. #+ # The following bugs are resolved with this release: # # [20790] Fix rpcgen buffer overrun #-- #2.15.1