Add NEWS entry for CVE-2016-6323

author Florian Weimer <fweimer@redhat.com>

Tue, 16 Aug 2016 09:15:09 +0000 (11:15 +0200)

committer Florian Weimer <fweimer@redhat.com>

Tue, 16 Aug 2016 09:15:09 +0000 (11:15 +0200)
author Florian Weimer <fweimer@redhat.com>
Tue, 16 Aug 2016 09:15:09 +0000 (11:15 +0200)
committer Florian Weimer <fweimer@redhat.com>
Tue, 16 Aug 2016 09:15:09 +0000 (11:15 +0200)
diff --git a/ChangeLog b/ChangeLog

index 505c558121a39d59901153faa5cad4acc64a3058..87fcf32f026a2841d5873a5d2ad53db64d14b1f2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
  2016-08-15  Andreas Schwab  <schwab@suse.de>
  
         [BZ #20435]
+       CVE-2016-6323
         * sysdeps/unix/sysv/linux/arm/setcontext.S (__startcontext): Mark
         as .cantunwind.
  
diff --git a/NEWS b/NEWS

index fe9ff1c451a3263099f3f49ba781e465c96639de..aaed9e02cf8fbabedc32ed8345bf0d632d619445 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -34,7 +34,11 @@ Version 2.25
  
  Security related changes:
  
-  [Add security related changes here]
+  On ARM EABI (32-bit), generating a backtrace for execution contexts which
+  have been created with makecontext could fail to terminate due to a
+  missing .cantunwind annotation.  This has been observed to lead to a hang
+  (denial of service) in some Go applications compiled with gccgo.  Reported
+  by Andreas Schwab.
  
  The following bugs are resolved with this release:
author	Florian Weimer <fweimer@redhat.com>
	Tue, 16 Aug 2016 09:15:09 +0000 (11:15 +0200)
committer	Florian Weimer <fweimer@redhat.com>
	Tue, 16 Aug 2016 09:15:09 +0000 (11:15 +0200)
ChangeLog		patch \| blob \| blame \| history
NEWS		patch \| blob \| blame \| history