mirror of
https://sourceware.org/git/glibc.git
synced 2024-12-14 07:10:05 +00:00
NEWS: Move security-lated changes before bug list
This matches the practice for previous releases.
This commit is contained in:
parent
537386b1c9
commit
121dc10a6d
26
NEWS
26
NEWS
@ -13,6 +13,19 @@ Major new features:
|
|||||||
Czech languages. The Catalan and Greek languages now support abbreviated
|
Czech languages. The Catalan and Greek languages now support abbreviated
|
||||||
alternative month names.
|
alternative month names.
|
||||||
|
|
||||||
|
Security related changes:
|
||||||
|
|
||||||
|
CVE-2017-18269: An SSE2-based memmove implementation for the i386
|
||||||
|
architecture could corrupt memory. Reported by Max Horn.
|
||||||
|
|
||||||
|
CVE-2018-11236: Very long pathname arguments to realpath function could
|
||||||
|
result in an integer overflow and buffer overflow. Reported by Alexey
|
||||||
|
Izbyshev.
|
||||||
|
|
||||||
|
CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
|
||||||
|
architecture could write beyond the target buffer, resulting in a buffer
|
||||||
|
overflow. Reported by Andreas Schwab.
|
||||||
|
|
||||||
The following bugs are resolved with this release:
|
The following bugs are resolved with this release:
|
||||||
|
|
||||||
[6889] 'PWD' mentioned but not specified
|
[6889] 'PWD' mentioned but not specified
|
||||||
@ -50,19 +63,6 @@ The following bugs are resolved with this release:
|
|||||||
[23166] sunrpc: Remove stray exports without --enable-obsolete-rpc
|
[23166] sunrpc: Remove stray exports without --enable-obsolete-rpc
|
||||||
[23196] __mempcpy_avx512_no_vzeroupper mishandles large copies
|
[23196] __mempcpy_avx512_no_vzeroupper mishandles large copies
|
||||||
|
|
||||||
Security related changes:
|
|
||||||
|
|
||||||
CVE-2017-18269: An SSE2-based memmove implementation for the i386
|
|
||||||
architecture could corrupt memory. Reported by Max Horn.
|
|
||||||
|
|
||||||
CVE-2018-11236: Very long pathname arguments to realpath function could
|
|
||||||
result in an integer overflow and buffer overflow. Reported by Alexey
|
|
||||||
Izbyshev.
|
|
||||||
|
|
||||||
CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
|
|
||||||
architecture could write beyond the target buffer, resulting in a buffer
|
|
||||||
overflow. Reported by Andreas Schwab.
|
|
||||||
|
|
||||||
|
|
||||||
Version 2.27
|
Version 2.27
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user