Update NEWS and ChangeLog for CVE-2017-15671

author Florian Weimer <fweimer@redhat.com>

Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)

committer Aurelien Jarno <aurelien@aurel32.net>

Fri, 1 Dec 2017 20:50:09 +0000 (21:50 +0100)
author Florian Weimer <fweimer@redhat.com>
Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
committer Aurelien Jarno <aurelien@aurel32.net>
Fri, 1 Dec 2017 20:50:09 +0000 (21:50 +0100)
diff --git a/NEWS b/NEWS

index 359465ff3e137550d30432e698b14a19e5612028..037b28cb9bb6b5506a4b277851a13c0d7fa2294b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,11 @@ Security related changes:
    on the stack or the heap, depending on the length of the user name).
    Reported by Tim Rühsen.
  
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
  The following bugs are resolved with this release:
  
    [16750] ldd: Never run file directly.
author	Florian Weimer <fweimer@redhat.com>
	Sun, 22 Oct 2017 07:29:52 +0000 (09:29 +0200)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Fri, 1 Dec 2017 20:50:09 +0000 (21:50 +0100)