AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-12-13 23:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

NEWS: Move security-lated changes before bug list

Browse Source 
This matches the practice for previous releases.
This commit is contained in:
Florian Weimer 2018-05-24 15:50:29 +02:00 committed by Fangrui Song
parent 537386b1c9
commit 121dc10a6d
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
NEWS
View File

@ -13,6 +13,19 @@ Major new features:
Czech languages. The Catalan and Greek languages now support abbreviated
alternative month names.
Security related changes:
CVE-2017-18269: An SSE2-based memmove implementation for the i386
architecture could corrupt memory. Reported by Max Horn.
CVE-2018-11236: Very long pathname arguments to realpath function could
result in an integer overflow and buffer overflow. Reported by Alexey
Izbyshev.
CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
architecture could write beyond the target buffer, resulting in a buffer
overflow. Reported by Andreas Schwab.
The following bugs are resolved with this release:
[6889] 'PWD' mentioned but not specified
@ -50,19 +63,6 @@ The following bugs are resolved with this release:
[23166] sunrpc: Remove stray exports without --enable-obsolete-rpc
[23196] __mempcpy_avx512_no_vzeroupper mishandles large copies
Security related changes:
CVE-2017-18269: An SSE2-based memmove implementation for the i386
architecture could corrupt memory. Reported by Max Horn.
CVE-2018-11236: Very long pathname arguments to realpath function could
result in an integer overflow and buffer overflow. Reported by Alexey
Izbyshev.
CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
architecture could write beyond the target buffer, resulting in a buffer
overflow. Reported by Andreas Schwab.
Version 2.27