From: Florian Weimer Date: Sun, 22 Oct 2017 07:29:52 +0000 (+0200) Subject: Update NEWS and ChangeLog for CVE-2017-15671 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6f9f307b5db6b2eeb7b92f2a75e5ab3e749c3d56;p=thirdparty%2Fglibc.git Update NEWS and ChangeLog for CVE-2017-15671 (cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6) --- diff --git a/NEWS b/NEWS index 359465ff3e1..037b28cb9bb 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,11 @@ Security related changes: on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen. + CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, + would sometimes fail to free memory allocated during ~ operator + processing, leading to a memory leak and, potentially, to a denial + of service. + The following bugs are resolved with this release: [16750] ldd: Never run file directly.