diff options
| author |   Florian Weimer <fweimer@redhat.com> | 2020-07-31 12:07:06 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2020-07-31 12:59:19 +0200 |
| commit | 7f1a08cff82255cd4252a2c75fd65b80a6a170bf (patch) | |
| tree | de8d9e81ac77041906834b1be622ab4c822ea1d9 | |
| parent | NEWS: Deprecate weak libpthread symbols for single-threaded checks (diff) | |
| download | glibc-7f1a08cff82255cd4252a2c75fd65b80a6a170bf.tar.xz glibc-7f1a08cff82255cd4252a2c75fd65b80a6a170bf.zip | |
Move NEWS entry for CVE-2020-1751 to the 2.31 section
It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494
("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
went into glibc 2.31.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
| -rw-r--r-- | NEWS | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -171,9 +171,6 @@ Security related changes: corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem. - CVE-2020-1751: A defect in the PowerPC backtrace function could cause an - out-of-bounds write when executed in a signal frame context. - CVE-2020-1752: A use-after-free vulnerability in the glob function when expanding ~user has been fixed. @@ -325,6 +322,9 @@ Changes to build and runtime requirements: Security related changes: + CVE-2020-1751: A defect in the PowerPC backtrace function could cause an + out-of-bounds write when executed in a signal frame context. + CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping |