From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 29 Apr 2016 08:47:40 +0000 (+0200)
Subject: NEWS entry for CVE-2016-3075
X-Git-Tag: glibc-2.24~306
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5b3338d70a7a2c626331ac4589b6deb2f610432;p=thirdparty%2Fglibc.git

NEWS entry for CVE-2016-3075
---

diff --git a/NEWS b/NEWS
index aa6209e5a12..24e13aeafac 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,10 @@ Version 2.24
 
 Security related changes:
 
+* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed.  It
+  could result in a stack overflow when getnetbyname was called with an
+  overly long name.  (CVE-2016-3075)
+
 * Previously, getaddrinfo copied large amounts of address data to the stack,
   even after the fix for CVE-2013-4458 has been applied, potentially
   resulting in a stack overflow.  getaddrinfo now uses a heap allocation