From 403143e1df85dadd374f304bd891be0cd7573e3b Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 16 Aug 2017 16:47:20 +0200 Subject: Add ChangeLog reference to bug 16750/CVE-2009-5064 --- ChangeLog | 2 ++ NEWS | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7188d1e..e308ee9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,7 @@ 2017-08-16 Andreas Schwab + [BZ #16750] + CVE-2009-5064 * elf/ldd.bash.in: Never run file directly. 2017-08-15 H.J. Lu diff --git a/NEWS b/NEWS index 484c467..0008df1 100644 --- a/NEWS +++ b/NEWS @@ -22,7 +22,11 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2009-5064: The ldd script would sometimes run the program under + examination directly, without preventing code execution through the + dynamic linker. (The glibc project disputes that this is a security + vulnerability; only trusted binaries must be examined using the ldd + script.) The following bugs are resolved with this release: -- cgit v1.1