Add ChangeLog reference to bug 16750/CVE-2009-5064

author Florian Weimer <fweimer@redhat.com>

Wed, 16 Aug 2017 14:47:20 +0000 (16:47 +0200)

committer Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>

Fri, 6 Apr 2018 19:26:37 +0000 (16:26 -0300)
author Florian Weimer <fweimer@redhat.com>
Wed, 16 Aug 2017 14:47:20 +0000 (16:47 +0200)
committer Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
Fri, 6 Apr 2018 19:26:37 +0000 (16:26 -0300)
diff --git a/ChangeLog b/ChangeLog

index dfacabe5ff8fe6512e04b3e12c9fdbecf3d02ae2..a01b406e42614c4223f42b65be7822d834f7984d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,8 @@
  
  2017-08-16  Andreas Schwab  <schwab@suse.de>
  
+       [BZ #16750]
+       CVE-2009-5064
         * elf/ldd.bash.in: Never run file directly.
  
  2016-10-14  Carlos Eduardo Seo  <cseo@linux.vnet.ibm.com>
diff --git a/NEWS b/NEWS

index ebebb402e10d6920f7966c9980df19efec0bbf44..d7c016c021e6d77d6ebe8843eef5e8df048cef1f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -81,6 +81,12 @@ Version 2.22.1
    to the allocation of too much memory.  (This is not a security bug per se,
    it is mentioned here only because of the CVE assignment.)  Reported by
    Qualys.
+
+* CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)
  \f
  Version 2.22
author	Florian Weimer <fweimer@redhat.com>
	Wed, 16 Aug 2017 14:47:20 +0000 (16:47 +0200)
committer	Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
	Fri, 6 Apr 2018 19:26:37 +0000 (16:26 -0300)
ChangeLog		patch \| blob \| blame \| history
NEWS		patch \| blob \| blame \| history