Add NEWS entry for CVE-2022-39046

author Siddhesh Poyarekar <siddhesh@sourceware.org>

Tue, 6 Sep 2022 13:31:50 +0000 (09:31 -0400)

committer Siddhesh Poyarekar <siddhesh@sourceware.org>

Tue, 6 Sep 2022 13:36:54 +0000 (09:36 -0400)
author Siddhesh Poyarekar <siddhesh@sourceware.org>
Tue, 6 Sep 2022 13:31:50 +0000 (09:31 -0400)
committer Siddhesh Poyarekar <siddhesh@sourceware.org>
Tue, 6 Sep 2022 13:36:54 +0000 (09:36 -0400)
diff --git a/NEWS b/NEWS

index 757ded85e0f7108324c3422c7e73c504ed77e41c..10a7613f099296e7accbeebbbb0a84dd11a23269 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,13 @@ using `glibc' in the "product" field.
  \f
  Version 2.36.1
  
+Security related changes:
+
+  CVE-2022-39046: When the syslog function is passed a crafted input
+  string larger than 1024 bytes, it reads uninitialized memory from the
+  heap and prints it to the target log file, potentially revealing a
+  portion of the contents of the heap.
+
  The following bugs are resolved with this release:
  
    [28846] CMSG_NXTHDR may trigger -Wstrict-overflow warning
author	Siddhesh Poyarekar <siddhesh@sourceware.org>
	Tue, 6 Sep 2022 13:31:50 +0000 (09:31 -0400)
committer	Siddhesh Poyarekar <siddhesh@sourceware.org>
	Tue, 6 Sep 2022 13:36:54 +0000 (09:36 -0400)