From: Andreas K. Hüttel <dilfridge@gentoo.org>
Date: Sat, 15 Jun 2024 13:22:20 +0000 (+0200)
Subject: NEWS: update list of fixed CVEs in 2.39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=198632a05f6c7b9ab67d3331d8caace9ceabb685;p=thirdparty%2Fglibc.git

NEWS: update list of fixed CVEs in 2.39

Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
---

diff --git a/NEWS b/NEWS
index eba57af12f..06faac3b1f 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,26 @@ Version 2.39.1
 
 Security related changes:
 
+The following CVEs were fixed in this release:
+
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Null pointer crash after notfound response (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [19622] network: Support aliasing with struct sockaddr