Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

author Aurelien Jarno <aurelien@aurel32.net>

Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)

committer Aurelien Jarno <aurelien@aurel32.net>

Sat, 16 Mar 2019 22:27:47 +0000 (23:27 +0100)
author Aurelien Jarno <aurelien@aurel32.net>
Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)
committer Aurelien Jarno <aurelien@aurel32.net>
Sat, 16 Mar 2019 22:27:47 +0000 (23:27 +0100)
diff --git a/ChangeLog b/ChangeLog

index fb88626efe1d3a72366357be26c5168798e68ef0..80413dd56084088b6efd5527c0062d94d3226ff8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
  2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
  
+       CVE-2019-9169
         regex: fix read overrun [BZ #24114]
         Problem found by AddressSanitizer, reported by Hongxu Chen in:
         https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS

index 340e06d0f4fa8c6ecf42c098da27857c2242e6fe..271bf7a2cd611a53d284c923d6d3cc32002baa79 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,10 @@ Security related changes:
    memcmp gave the wrong result since it treated the size argument as
    zero.  Reported by H.J. Lu.
  
+  CVE-2019-9169: Attempted case-insensitive regular-expression match
+  via proceed_next_node in posix/regexec.c leads to heap-based buffer
+  over-read.  Reported by Hongxu Chen.
+
  \f
  Version 2.29
author	Aurelien Jarno <aurelien@aurel32.net>
	Sat, 16 Mar 2019 21:59:56 +0000 (22:59 +0100)
committer	Aurelien Jarno <aurelien@aurel32.net>
	Sat, 16 Mar 2019 22:27:47 +0000 (23:27 +0100)
ChangeLog		patch \| blob \| blame \| history
NEWS		patch \| blob \| blame \| history