From patchwork Fri Mar 13 21:30:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Aurelien Jarno X-Patchwork-Id: 1254692
From: Aurelien Jarno To: libc-alpha@sourceware.org Subject: [PATCH] Add NEWS entry for CVE-2020-1752 (bug 25414) Date: Fri, 13 Mar 2020 22:30:25 +0100 Message-Id: <20200313213025.869274-1-aurelien@aurel32.net> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 X-Spam-Status: No, score=-25.7 required=5.0 tests=GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS, SPF_NONE autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Andreas Schwab Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" --- NEWS | 3 +++ 1 file changed, 3 insertions(+) Bug 25414 got attributed a CVE entry. Here is a patch to add an entry NEWS. diff --git a/NEWS b/NEWS index e0379fc53c1..68a408a3bc6 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,9 @@ Security related changes: corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. + CVE-2020-1752: A use-after-free vulnerability in the glob function when + expanding ~user has been fixed. + The following bugs are resolved with this release: [The release manager will add the list generated by
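Review bot: the new CVE-2020-1752 entry in the NEWS hunk (@@ -25,6 +25,9 @@) names no reporter, while the entry directly above it in the context lines ends with "Reported by Guido Vranken / ForAllSecure Mayhem." If bug 25414 records who reported the issue, add a matching "Reported by" sentence so the security section stays consistent. The entry also says only "when expanding ~user" and gives neither the triggering condition nor the impact; one more clause on either would help readers of NEWS judge whether they are exposed. Separately, the explanation ("Bug 25414 got attributed a CVE entry...") sits below the "---" line, so only the subject will end up in the commit log; move it above the "---" if the bug reference should be kept in history.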