Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -95,6 +95,15 @@ Version 2.22.1 * CVE-2018-6551: The malloc function, when called with an object size near the value of SIZE_MAX, would return a pointer to a buffer which is too small, instead of NULL. + +* CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered + from a one-byte overflow during ~ operator processing (either on the stack + or the heap, depending on the length of the user name). + +* CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and without + GLOB_NOESCAPE, could write past the end of a buffer while + unescaping user names. Reported by Tim Rühsen. + Version 2.22 |
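Review bot: The CVE-2017-15670 entry says "~ operator processing", but GLOB_TILDE performs tilde expansion and "~" is not an operator; suggest "during tilde expansion" so readers searching the glob documentation find the matching term. The CVE-2017-15804 entry says only "write past the end of a buffer", without the size of the overwrite or whether the buffer is on the stack or the heap, while the entry above it gives both ("one-byte overflow", "either on the stack or the heap"); giving the same detail here would let readers judge exposure from NEWS alone. The reporter credit is also uneven: the second entry ends with "Reported by Tim Rühsen." and the first has none, so either add the credit for CVE-2017-15670 if one applies or confirm the omission is intended. Finally, both 2017 entries are appended after CVE-2018-6551, which leaves the list out of CVE-number order if the section is meant to be sorted.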