From: Gabriel F. T. Gomes <gftg@linux.vnet.ibm.com>
Date: Wed, 25 May 2016 13:04:06 +0000 (-0300)
Subject: Merge release/2.20/master into ibm/2.20/master
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fibm%2F2.20%2Fmaster;p=thirdparty%2Fglibc.git

Merge release/2.20/master into ibm/2.20/master

Conflicts:
	NEWS
---

2feb372c585eb77141adbff24d4958e5a5e6678a
diff --cc NEWS
index 52d14e38be3,dc8679f8cac..6181729b61c
--- a/NEWS
+++ b/NEWS
@@@ -10,7 -10,21 +10,21 @@@ Version 2.20.
  * The following bugs are resolved with this release:
  
    16009, 16617, 16618, 17266, 17269, 17370, 17371, 17460, 17485, 17555,
-   17625, 17630, 17801, 18007, 18032, 18287, 18665, 18694, 18928, 19018.
 -  17625, 17630, 17801, 17905, 18032, 18080, 18240, 18508, 18665, 18694,
 -  18928, 19018, 19682.
++  17625, 17630, 17801, 17905, 18007, 18032, 18080, 18240, 18287, 18508,
++  18665, 18694, 18928, 19018, 19682.
+ 
+ * The glob function suffered from a stack-based buffer overflow when it was
+   called with the GLOB_ALTDIRFUNC flag and encountered a long file name.
+   Reported by Alexander Cherepanov.  (CVE-2016-1234)
+ 
+ * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed.  It
+   could result in a stack overflow when getnetbyname was called with an
+   overly long name.  (CVE-2016-3075)
+ 
+ * Previously, getaddrinfo copied large amounts of address data to the stack,
+   even after the fix for CVE-2013-4458 has been applied, potentially
+   resulting in a stack overflow.  getaddrinfo now uses a heap allocation
+   instead.  Reported by Michael Petlan.  (CVE-2016-3706)
  
  * A stack-based buffer overflow was found in libresolv when invoked from
    libnss_dns, allowing specially crafted DNS responses to seize control