From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 29 Jul 2016 21:34:17 +0000 (-0400)
Subject: CVE-2016-5417 was assigned to bug 19257
X-Git-Tag: glibc-2.24~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fab382315ad3be7c773aaf7ca49c053cf91755fe;p=thirdparty%2Fglibc.git

CVE-2016-5417 was assigned to bug 19257
---

diff --git a/NEWS b/NEWS
index e2737d5f47a..680f792685a 100644
--- a/NEWS
+++ b/NEWS
@@ -66,6 +66,11 @@ Security related changes:
   flooded with crafted ICMP and UDP messages.  Reported by Aldy Hernandez'
   alloca plugin for GCC.  (CVE-2016-4429)
 
+* The IPv6 name server management code in libresolv could result in a memory
+  leak for each thread which is created, performs a failing naming lookup,
+  and exits.  Over time, this could result in a denial of service due to
+  memory exhaustion.  Reported by Matthias Schiffer.  (CVE-2016-5417)
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by