2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #22786]
+ CVE-2018-11236
* stdlib/canonicalize.c (__realpath): Fix overflow in path length
computation.
* stdlib/Makefile (test-bz22786): New test.
Max Horn <max@quendi.de>
[BZ #22644]
+ CVE-2017-18269
* sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S: Fixed
branch conditions.
* string/test-memmove.c (do_test2): New testcase.
for AT_SECURE or SUID binaries could be used to load libraries from the
current directory.
+ CVE-2017-18269: An SSE2-based memmove implementation for the i386
+ architecture could corrupt memory. Reported by Max Horn.
+
CVE-2018-1000001: Buffer underflow in realpath function when getcwd function
succeeds without returning an absolute path due to unexpected behaviour
of the Linux kernel getcwd syscall. Reported by halfdog.