Message ID | 87bljwdmle.fsf@oldenburg2.str.redhat.com |
---|---|
State | New |
Headers | show |
Series | Move NEWS entry for CVE-2020-1751 to the 2.31 section | expand |
On 7/31/20 6:07 AM, Florian Weimer via Libc-alpha wrote: > It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494 > ("Fix array overflow in backtrace on PowerPC (bug 25423)"), which > went into glibc 2.31. OK for 2.32. Reviewed-by: Carlos O'Donell <carlos@redhat.com> > --- > NEWS | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/NEWS b/NEWS > index 7fb167e650..85f91b3ecb 100644 > --- a/NEWS > +++ b/NEWS > @@ -171,9 +171,6 @@ Security related changes: > corruption when they were passed a pseudo-zero argument. Reported by Guido > Vranken / ForAllSecure Mayhem. > > - CVE-2020-1751: A defect in the PowerPC backtrace function could cause an > - out-of-bounds write when executed in a signal frame context. > - > CVE-2020-1752: A use-after-free vulnerability in the glob function when > expanding ~user has been fixed. > > @@ -325,6 +322,9 @@ Changes to build and runtime requirements: > > Security related changes: > > + CVE-2020-1751: A defect in the PowerPC backtrace function could cause an > + out-of-bounds write when executed in a signal frame context. > + > CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC > environment variable during program execution after a security > transition, allowing local attackers to restrict the possible mapping >
diff --git a/NEWS b/NEWS index 7fb167e650..85f91b3ecb 100644 --- a/NEWS +++ b/NEWS @@ -171,9 +171,6 @@ Security related changes: corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. - CVE-2020-1751: A defect in the PowerPC backtrace function could cause an - out-of-bounds write when executed in a signal frame context. - CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed. @@ -325,6 +322,9 @@ Changes to build and runtime requirements: Security related changes: + CVE-2020-1751: A defect in the PowerPC backtrace function could cause an + out-of-bounds write when executed in a signal frame context. + CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping