]> git.ipfire.org Git - thirdparty/glibc.git/commitdiff
projects / thirdparty / glibc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2aee101)
Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]
authorAurelien Jarno <aurelien@aurel32.net>
Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)
committerAurelien Jarno <aurelien@aurel32.net>
Sat, 16 Mar 2019 22:34:23 +0000 (23:34 +0100)
(cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8)

ChangeLog patch | blob | blame | history
NEWS patch | blob | blame | history

diff --git a/ChangeLog b/ChangeLog
index 0ef60fa5ac556c9e39466b2bf4b24604fcec9586..5667d9262bcf97772826174676208dffb347106a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
 
+       CVE-2019-9169
        regex: fix read overrun [BZ #24114]
        Problem found by AddressSanitizer, reported by Hongxu Chen in:
        https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index 11d9af739c38bd044b013cbf26195dbc0402ae11..f4981a16f088abaaf4b0a5a9c59f7b916fd667e6 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,10 @@ Security related changes:
   CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
   addresses with arbitrary trailing characters, potentially leading to data
   or command injection issues in applications.
+
+  CVE-2019-9169: Attempted case-insensitive regular-expression match
+  via proceed_next_node in posix/regexec.c leads to heap-based buffer
+  over-read.  Reported by Hongxu Chen.
 \f
 Version 2.28
 
A mirror of the official glibc repository