NEWS: update list of fixed CVEs in 2.39

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
author: Andreas K. Hüttel <dilfridge@gentoo.org> 2024-06-15 15:22:20 +0200
committer: Andreas K. Hüttel <dilfridge@gentoo.org> 2024-06-15 15:22:20 +0200
commit: 198632a05f6c7b9ab67d3331d8caace9ceabb685 (patch)
tree: 2bd265c9c3623f417ff810cd4644e90575aa59b8
parent: 77bb3c715447ce42b9a4815b1668292a4f762528 (diff)
download: glibc-198632a05f6c7b9ab67d3331d8caace9ceabb685.zip
glibc-198632a05f6c7b9ab67d3331d8caace9ceabb685.tar.gz
glibc-198632a05f6c7b9ab67d3331d8caace9ceabb685.tar.bz2
1 files changed, 20 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index eba57af..06faac3 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,26 @@ Version 2.39.1
 
 Security related changes:
 
+The following CVEs were fixed in this release:
+
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Null pointer crash after notfound response (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [19622] network: Support aliasing with struct sockaddr
author	Andreas K. Hüttel <dilfridge@gentoo.org>	2024-06-15 15:22:20 +0200
committer	Andreas K. Hüttel <dilfridge@gentoo.org>	2024-06-15 15:22:20 +0200
commit	198632a05f6c7b9ab67d3331d8caace9ceabb685 (patch)
tree	2bd265c9c3623f417ff810cd4644e90575aa59b8
parent	77bb3c715447ce42b9a4815b1668292a4f762528 (diff)
download	glibc-198632a05f6c7b9ab67d3331d8caace9ceabb685.zip glibc-198632a05f6c7b9ab67d3331d8caace9ceabb685.tar.gz glibc-198632a05f6c7b9ab67d3331d8caace9ceabb685.tar.bz2