From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 16 Aug 2016 09:15:09 +0000 (+0200)
Subject: Add NEWS entry for CVE-2016-6323
X-Git-Tag: glibc-2.25~624
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4d047efdbc55b0d68947cde682e5363d16a66294;p=thirdparty%2Fglibc.git

Add NEWS entry for CVE-2016-6323
---

diff --git a/ChangeLog b/ChangeLog
index 505c558121a..87fcf32f026 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,7 @@
 2016-08-15  Andreas Schwab  <schwab@suse.de>
 
 	[BZ #20435]
+	CVE-2016-6323
 	* sysdeps/unix/sysv/linux/arm/setcontext.S (__startcontext): Mark
 	as .cantunwind.
 
diff --git a/NEWS b/NEWS
index fe9ff1c451a..aaed9e02cf8 100644
--- a/NEWS
+++ b/NEWS
@@ -34,7 +34,11 @@ Version 2.25
 
 Security related changes:
 
-  [Add security related changes here]
+  On ARM EABI (32-bit), generating a backtrace for execution contexts which
+  have been created with makecontext could fail to terminate due to a
+  missing .cantunwind annotation.  This has been observed to lead to a hang
+  (denial of service) in some Go applications compiled with gccgo.  Reported
+  by Andreas Schwab.
 
 The following bugs are resolved with this release: