From a92914de93979dbaa85ae9e410157bf5b67bcf98 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Andreas=20K=2E=20H=C3=BCttel?= Date: Sat, 26 Jul 2025 15:23:49 +0200 Subject: [PATCH] NEWS: insert list of CVEs MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Signed-off-by: Andreas K. Hüttel --- NEWS | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index a3ab26c046..14a58be747 100644 --- a/NEWS +++ b/NEWS @@ -83,8 +83,21 @@ Security related changes: The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball: - [The release manager will add the list generated by - scripts/process-advisories.sh just before the release.] + GLIBC-SA-2025-0001: + assert: Buffer overflow when printing assertion failure message + (CVE-2025-0395) + + GLIBC-SA-2025-0003: + power10: strcmp fails to save and restore nonvolatile vector + registers (CVE-2025-5702) + + GLIBC-SA-2025-0004: + power10: strncmp fails to save and restore nonvolatile vector + registers (CVE-2025-5745) + + GLIBC-SA-2025-0005: + posix: Fix double-free after allocation failure in regcomp + (CVE-2025-8058) The following bugs were resolved with this release: -- 2.47.2