Add CVE-2013-4332 to NEWS.

author: Will Newton <will.newton@linaro.org> 2013-09-13 09:26:02 +0100
committer: Adhemerval Zanella <azanella@linux.vnet.ibm.com> 2015-01-16 06:15:56 -0500
commit: 301e0d6f9a2218f2d1943860c2d14046b917e846 (patch)
tree: 7ff9c593c0e330151c37a20ff95b17a72a9622e1
parent: 9c77803abebe02a99a5329e28627e1ad6d074cfe (diff)
download: glibc-301e0d6f9a2218f2d1943860c2d14046b917e846.zip
glibc-301e0d6f9a2218f2d1943860c2d14046b917e846.tar.gz
glibc-301e0d6f9a2218f2d1943860c2d14046b917e846.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 96df7a9..e2931f1 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ Version 2.18.1
 * CVE-2013-4458 Stack overflow in getaddrinfo with large number of results
   for AF_INET6 has been fixed (Bugzilla #16072).
 
+* CVE-2013-4332 The pvalloc, valloc, memalign, posix_memalign and
+  aligned_alloc functions could allocate too few bytes or corrupt the
+  heap when passed very large allocation size values (Bugzilla #15855,
+  #15856, #15857).
+
 * CVE-2012-4424 The strcoll implementation uses malloc to cache indices and
   rules for large collation sequences to optimize multiple passes and falls
   back to alloca if malloc fails, resulting in a possible stack overflow.
author	Will Newton <will.newton@linaro.org>	2013-09-13 09:26:02 +0100
committer	Adhemerval Zanella <azanella@linux.vnet.ibm.com>	2015-01-16 06:15:56 -0500
commit	301e0d6f9a2218f2d1943860c2d14046b917e846 (patch)
tree	7ff9c593c0e330151c37a20ff95b17a72a9622e1
parent	9c77803abebe02a99a5329e28627e1ad6d074cfe (diff)
download	glibc-301e0d6f9a2218f2d1943860c2d14046b917e846.zip glibc-301e0d6f9a2218f2d1943860c2d14046b917e846.tar.gz glibc-301e0d6f9a2218f2d1943860c2d14046b917e846.tar.bz2