From: Florian Weimer <fweimer@redhat.com>
Date: Sun, 22 Oct 2017 07:29:52 +0000 (+0200)
Subject: Update NEWS and ChangeLog for CVE-2017-15671
X-Git-Tag: glibc-2.27~638
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=914c9994d27b80bc3b71c483e801a4f04e269ba6;p=thirdparty%2Fglibc.git

Update NEWS and ChangeLog for CVE-2017-15671
---

diff --git a/ChangeLog b/ChangeLog
index c20121ab1bf..bc15aef2baa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3965,6 +3965,7 @@
 	All uses removed.
 
 	[BZ #1062]
+	CVE-2017-15671
 	* posix/Makefile (routines): Add globfree, globfree64, and
 	glob_pattern_p.
 	* posix/flexmember.h: New file.
diff --git a/NEWS b/NEWS
index 0540fd2713d..c38fb88ac43 100644
--- a/NEWS
+++ b/NEWS
@@ -77,6 +77,11 @@ Security related changes:
   on the stack or the heap, depending on the length of the user name).
   Reported by Tim Rühsen.
 
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:
 
   [The release manager will add the list generated by