Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -12,7 +12,13 @@ Version 2.21 6652, 12926, 14132, 14138, 14171, 15215, 15884, 17266, 17344, 17363, 17370, 17371, 17411, 17460, 17475, 17485, 17501, 17506, 17508, 17522, 17555, 17570, 17571, 17572, 17573, 17574, 17582, 17583, 17584, 17585, - 17589, 17594, 17616. + 17589, 17594, 17616, 17625. + +* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag + under certain input conditions resulting in the execution of a shell for + command substitution when the applicaiton did not request it. The + implementation now checks WRDE_NOCMD immediately before executing the + shell and returns the error WRDE_CMDSUB as expected. * The minimum GCC version that can be used to build this version of the GNU C Library is GCC 4.6. Older GCC versions, and non-GNU compilers, can |
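Review bot: The CVE identifier in the new NEWS entry reads "CVE-2104-7817"; the year field 2104 looks like transposed digits and should be checked against the assigned identifier before this lands, since distributions and vulnerability trackers search NEWS for the exact string. In the same entry, "applicaiton" should be "application". The entry would also be easier to trace if it named the bug it belongs to; 17625 is added to the fixed-bug list in this same hunk, but nothing in the text links the two.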