NEWS: update list of fixed CVEs in 2.39

author Andreas K. Hüttel <dilfridge@gentoo.org>

Sat, 15 Jun 2024 13:22:20 +0000 (15:22 +0200)

committer Andreas K. Hüttel <dilfridge@gentoo.org>

Sat, 15 Jun 2024 13:22:20 +0000 (15:22 +0200)
author Andreas K. Hüttel <dilfridge@gentoo.org>
Sat, 15 Jun 2024 13:22:20 +0000 (15:22 +0200)
committer Andreas K. Hüttel <dilfridge@gentoo.org>
Sat, 15 Jun 2024 13:22:20 +0000 (15:22 +0200)
diff --git a/NEWS b/NEWS

index eba57af12fd4b1da6f446b64836d8d5d02593410..06faac3b1f66f39d3689dcb540f23f3a48fac91e 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,26 @@ Version 2.39.1
  
  Security related changes:
  
+The following CVEs were fixed in this release:
+
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Null pointer crash after notfound response (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
  The following bugs are resolved with this release:
  
    [19622] network: Support aliasing with struct sockaddr
author	Andreas K. Hüttel <dilfridge@gentoo.org>
	Sat, 15 Jun 2024 13:22:20 +0000 (15:22 +0200)
committer	Andreas K. Hüttel <dilfridge@gentoo.org>
	Sat, 15 Jun 2024 13:22:20 +0000 (15:22 +0200)