From patchwork Sat Jun 21 07:27:27 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Allan McRae <allan@archlinux.org>
X-Patchwork-Id: 362414
Return-Path: 
 <libc-alpha-return-51015-incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3C8F814007F
	for <incoming@patchwork.ozlabs.org>;
	Sat, 21 Jun 2014 17:27:47 +1000 (EST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id; q=dns; s=
	default; b=N9F12G+rvnN1t/KN43Y94cOX6H+iM17AsFBZMSXKqK2fIYQtxVaql
	xIboLmg0b+4epTvbkGk4cjPztVicZx7LxM7xfqO7if6jkE78J74WiB2jSgl6WsgC
	HzAyErYL5GyygTvDx2nMCmfvvRtW6CM0Du1MxM9BoL682dcskfjkr8=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id; s=default;
	bh=G0ACCOdV6mCFiY0RxKWbG1dveLE=; b=hmZQTkjxMlZ6Zs1mnPIzjrnzZrZG
	W0X9Ju8CF98FqsgB1CkUw0fod060lVzvgg2RDN10lmsiOZHCNsleLMXs+V8tFp9c
	096d4Qf/ogRktxP38hPxI6rTi8GYHfMwOjAfiN+Y5OZtJVJzBA2G2FrjFiI7nBLJ
	zSgfgb5bvwk3qOY=
Received: (qmail 9988 invoked by alias); 21 Jun 2014 07:27:41 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: 
 <mailto:libc-alpha-unsubscribe-incoming=patchwork.ozlabs.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 9973 invoked by uid 89); 21 Jun 2014 07:27:40 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-2.4 required=5.0 tests=AWL, BAYES_00,
	SPF_PASS, T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-HELO: gerolde.archlinux.org
From: Allan McRae <allan@archlinux.org>
To: libc-alpha@sourceware.org
Subject: [COMMITTED] Mention CVE-2014-4043 in NEWS
Date: Sat, 21 Jun 2014 17:27:27 +1000
Message-Id: <1403335647-12000-1-git-send-email-allan@archlinux.org>

---
 ChangeLog | 4 ++++
 NEWS      | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 047fa62..67b7896 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2014-06-21  Allan McRae  <allan@archlinux.org>
+
+	* NEWS: Mention CVE-2014-4043.
+
 2014-06-20  Roland McGrath  <roland@hack.frob.com>
 
 	* nptl/sysdeps/unix/sysv/linux/smp.h: Moved ...
diff --git a/NEWS b/NEWS
index 170aed2..8d08cd5 100644
--- a/NEWS
+++ b/NEWS
@@ -54,6 +54,12 @@ Version 2.20
   default mutexes are elided via __builtin_tbegin, if the cpu supports
   transactions. By default lock elision is not enabled and the elision code
   is not built.
+
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+  copy the path argument.  This allowed programs to cause posix_spawn to
+  deference a dangling pointer, or use an unexpected pathname argument if
+  the string was modified after the posix_spawn_file_actions_addopen
+  invocation.
 
 Version 2.19