From: DJ Delorie <dj@redhat.com>
Date: Wed, 3 Mar 2021 19:52:57 +0000 (-0500)
Subject: NEWS: Mention CVE-2021-27645
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=aa510aa2767b9aff0401a62718e2cf93f745fb0d;p=thirdparty%2Fglibc.git

NEWS: Mention CVE-2021-27645

(cherry picked from commit 24eb3be5db5befefe4bcf0f438bf6629a9c3a608)
---

diff --git a/NEWS b/NEWS
index ddbe2733ffd..7bd476deb65 100644
--- a/NEWS
+++ b/NEWS
@@ -22,6 +22,11 @@ Security related changes:
   converted output contains a combined sequence of two wide characters
   crossing a buffer boundary.  Reported by Tavis Ormandy.
 
+  CVE-2021-27645: The nameserver caching daemon (nscd), when processing
+  a request for netgroup lookup, may crash due to a double-free,
+  potentially resulting in degraded service or Denial of Service on the
+  local system.  Reported by Chris Schanzle.
+
   CVE-2021-33574: The mq_notify function has a potential use-after-free
   issue when using a notification type of SIGEV_THREAD and a thread
   attribute with a non-default affinity mask.