From 5171f3079f2cc53e0548fc4967361f4d1ce9d7ea Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 4 May 2016 12:09:35 +0200
Subject: CVE-2016-1234: glob: Do not copy d_name field of struct dirent [BZ
 #19779]

Instead, we store the data we need from the return value of
readdir in an object of the new type struct readdir_result.
This type is independent of the layout of struct dirent.
---
 NEWS | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 1e12173..b3fd3cc 100644
--- a/NEWS
+++ b/NEWS
@@ -44,6 +44,10 @@ Security related changes:
   resulting in a stack overflow.  getaddrinfo now uses a heap allocation
   instead.  Reported by Michael Petlan.  (CVE-2016-3706)
 
+* The glob function suffered from a stack-based buffer overflow when it was
+  called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
+  Reported by Alexander Cherepanov.  (CVE-2016-1234)
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
-- 
cgit v1.1