From 914c9994d27b80bc3b71c483e801a4f04e269ba6 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Sun, 22 Oct 2017 09:29:52 +0200
Subject: Update NEWS and ChangeLog for CVE-2017-15671

---
 NEWS | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 0540fd2..c38fb88 100644
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
   on the stack or the heap, depending on the length of the user name).
   Reported by Tim Rühsen.
 
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
-- 
cgit v1.1