NEWS: Mention CVE-2021-27645

author DJ Delorie <dj@redhat.com>

Wed, 3 Mar 2021 19:52:57 +0000 (14:52 -0500)

committer Dmitry V. Levin <ldv@altlinux.org>

Tue, 4 Oct 2022 08:00:00 +0000 (08:00 +0000)
author DJ Delorie <dj@redhat.com>
Wed, 3 Mar 2021 19:52:57 +0000 (14:52 -0500)
committer Dmitry V. Levin <ldv@altlinux.org>
Tue, 4 Oct 2022 08:00:00 +0000 (08:00 +0000)
diff --git a/NEWS b/NEWS

index ddbe2733ffd079d26279852bb504d996fa3553d3..7bd476deb65e4cf8b27dc19e605122460592a5b3 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ Security related changes:
    converted output contains a combined sequence of two wide characters
    crossing a buffer boundary.  Reported by Tavis Ormandy.
  
+  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+  a request for netgroup lookup, may crash due to a double-free,
+  potentially resulting in degraded service or Denial of Service on the
+  local system.  Reported by Chris Schanzle.
+
    CVE-2021-33574: The mq_notify function has a potential use-after-free
    issue when using a notification type of SIGEV_THREAD and a thread
    attribute with a non-default affinity mask.
author	DJ Delorie <dj@redhat.com>
	Wed, 3 Mar 2021 19:52:57 +0000 (14:52 -0500)
committer	Dmitry V. Levin <ldv@altlinux.org>
	Tue, 4 Oct 2022 08:00:00 +0000 (08:00 +0000)