From: Dmitry V. Levin <ldv@altlinux.org>
Date: Tue, 4 Oct 2022 08:00:00 +0000 (+0000)
Subject: NEWS: Move CVE-2021-33574 entry from 2.32 section to 2.32.1
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=32022774db16ae5e41a940e559f11eb74bb011bf;p=thirdparty%2Fglibc.git

NEWS: Move CVE-2021-33574 entry from 2.32 section to 2.32.1

The fix was backported by commit ff75390ef59823193351ae77584c397c503b7b58
("Use __pthread_attr_copy in mq_notify (bug 27896)")
after glibc 2.32 release.
---

diff --git a/NEWS b/NEWS
index 5f43794bf5e..cf8c54f6819 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,10 @@ Security related changes:
   invoked with input containing redundant shift sequences in the IBM1364,
   IBM1371, IBM1388, IBM1390, or IBM1399 character sets.
 
+  CVE-2021-33574: The mq_notify function has a potential use-after-free
+  issue when using a notification type of SIGEV_THREAD and a thread
+  attribute with a non-default affinity mask.
+
 The following bugs are resolved with this release:
 
   [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
@@ -258,10 +262,6 @@ Security related changes:
   Dytrych of the Cisco Security Assessment and Penetration Team (See
   TALOS-2020-1019).
 
-  CVE-2021-33574: The mq_notify function has a potential use-after-free
-  issue when using a notification type of SIGEV_THREAD and a thread
-  attribute with a non-default affinity mask.
-
 The following bugs are resolved with this release:
 
   [9809] localedata: ckb_IQ: new Kurdish Sorani locale