Update NEWS to add CVE-2017-15804 entry

This commit is contained in:
Aurelien Jarno 2017-12-01 21:53:51 +01:00
parent 428fc49eaa
commit 15e84c63c0

4
NEWS
View File

@ -100,8 +100,8 @@ Security related changes:
processing, leading to a memory leak and, potentially, to a denial
of service.
The glob function, when invoked with GLOB_TILDE and without
GLOB_NOESCAPE, could write past the end of a buffer while
CVE-2017-15804: The glob function, when invoked with GLOB_TILDE and
without GLOB_NOESCAPE, could write past the end of a buffer while
unescaping user names. Reported by Tim Rühsen.
The following bugs are resolved with this release: