From: Florian Weimer <fweimer@redhat.com>
Date: Sun, 22 Oct 2017 07:29:52 +0000 (+0200)
Subject: Update NEWS and ChangeLog for CVE-2017-15671
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e53b88296dc95d325d6073910a33dca851b6bc4;p=thirdparty%2Fglibc.git

Update NEWS and ChangeLog for CVE-2017-15671

(cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6)
---

diff --git a/ChangeLog b/ChangeLog
index 756a3cc0f06..01a1e99d835 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,7 @@
 2017-09-08  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
 	[BZ #1062]
+	CVE-2017-15671
 	* posix/Makefile (routines): Add globfree, globfree64, and
 	glob_pattern_p.
 	* posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS
index 8c10e88ec51..a70d21eb40c 100644
--- a/NEWS
+++ b/NEWS
@@ -25,6 +25,11 @@ Security related changes:
   from a one-byte overflow during ~ operator processing (either on the stack
   or the heap, depending on the length of the user name).
 
+* CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:
 
   [20790] Fix rpcgen buffer overrun