Update NEWS and ChangeLog for CVE-2017-15671

2017-10-22 09:29:52 +02:00 · 2017-10-22 09:29:52 +02:00 · 914c9994d2
parent e80fc1fc98
commit 914c9994d2
2 changed files with 6 additions and 0 deletions
--- a/1
+++ b/1
@ -3965,6 +3965,7 @@
 	All uses removed.

 	[BZ #1062]
+	CVE-2017-15671
 	* posix/Makefile (routines): Add globfree, globfree64, and
 	glob_pattern_p.
 	* posix/flexmember.h: New file.
--- a/5
+++ b/5
@ -77,6 +77,11 @@ Security related changes:
  on the stack or the heap, depending on the length of the user name).
  Reported by Tim Rühsen.

+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:

  [The release manager will add the list generated by