Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

author Aurelien Jarno <aurelien@aurel32.net>

Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)

committer Aurelien Jarno <aurelien@aurel32.net>

Sat, 16 Mar 2019 22:00:42 +0000 (23:00 +0100)
author Aurelien Jarno <aurelien@aurel32.net>
Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)
committer Aurelien Jarno <aurelien@aurel32.net>
Sat, 16 Mar 2019 22:00:42 +0000 (23:00 +0100)
diff --git a/ChangeLog b/ChangeLog

index ce14d885b26f587b8ec6601092c4fdcb8732a625..f7c9ee51adfb0eadd795e96a6e5e7b5e0b363e48 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1576,6 +1576,7 @@
  
  2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
  
+       CVE-2019-9169
         regex: fix read overrun [BZ #24114]
         Problem found by AddressSanitizer, reported by Hongxu Chen in:
         https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS

index f12524dc624d5587ee0dcafbbfae6230d37f9753..cdf7b51f6d2e313fa93a85be073237059b52a89e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,10 @@ Security related changes:
    memcmp gave the wrong result since it treated the size argument as
    zero.  Reported by H.J. Lu.
  
+  CVE-2019-9169: Attempted case-insensitive regular-expression match
+  via proceed_next_node in posix/regexec.c leads to heap-based buffer
+  over-read.  Reported by Hongxu Chen.
+
  The following bugs are resolved with this release:
  
    [The release manager will add the list generated by
author	Aurelien Jarno <aurelien@aurel32.net>
	Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Sat, 16 Mar 2019 22:00:42 +0000 (23:00 +0100)
ChangeLog		patch \| blob \| blame \| history
NEWS		patch \| blob \| blame \| history