author: Allan McRae <allan@archlinux.org> 2014-06-21 17:23:55 +1000
committer: Adhemerval Zanella <azanella@linux.vnet.ibm.com> 2015-01-15 15:18:56 -0500
commit: 3b6ac4b1093333f364698ca3bb812c80b11c2f77
tree: 4858c911802b525b04e6fa287fa7f2a5fab02288
parent: f7865ec21e8ad32929509796497fa3b44c3ef826
Mention CVE-2014-4043 in NEWS
-rw-r--r-- ChangeLog 4
-rw-r--r-- NEWS 6
2 files changed, 10 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index a101ac8..ed23b08 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2014-06-21 Allan McRae <allan@archlinux.org>
+
+ * NEWS: Mention CVE-2014-4043.
+
2014-06-11 Florian Weimer <fweimer@redhat.com>
[BZ #17048]
diff --git a/NEWS b/NEWS
index 1745060..a0bf400 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,12 @@ Version 2.16.1
6530, 14195, 14547, 14459, 14476, 14562, 14621, 14648, 14699, 14756, 14831,
15078, 15754, 15755, 16072, 17048, 17137, 17187, 17325.
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+ copy the path argument. This allowed programs to cause posix_spawn to
+ deference a dangling pointer, or use an unexpected pathname argument if
+ the string was modified after the posix_spawn_file_actions_addopen
+ invocation.
+
* Decoding a crafted input sequence in the character sets IBM933, IBM935,
IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
resulting a denial-of-service security vulnerability in applications which
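Review bot: the third added line of the NEWS entry has a typo: "deference a dangling pointer" should read "dereference a dangling pointer". The entry also gives no bug number, so a reader cannot tell which item in the fixed-bug list just above it corresponds to CVE-2014-4043; naming the BZ number in the entry would make the mapping explicit. It would also help to state the caller-side consequence in the wording: the path string passed to posix_spawn_file_actions_addopen had to stay valid and unmodified until posix_spawn ran, which is the lifetime requirement callers on unfixed versions still need to respect.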