]> git.ipfire.org Git - thirdparty/glibc.git/blobdiff - NEWS
projects / thirdparty / glibc.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
elf: Compute correct array size in _dl_init_paths [BZ #22606]
[thirdparty/glibc.git] / NEWS
diff --git a/NEWS b/NEWS
index abbe561dcb53a7f3a0ce5bb28806594198258d3e..eef51b65a62395901a3b735696b0239e41a7ac20 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -125,6 +125,11 @@ Security related changes:
   instead of NULL.  This was a regression introduced with the new malloc
   thread cache in glibc 2.26.  Reported by Iain Buclaw.
 
+  CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
+  to the allocation of too much memory.  (This is not a security bug per se,
+  it is mentioned here only because of the CVE assignment.)  Reported by
+  Qualys.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by
A mirror of the official glibc repository