Add ChangeLog reference to bug 16750/CVE-2009-5064

Florian Weimer 2017-08-16 16:47:20 +02:00
parent eedca9772e
commit 403143e1df
2 changed files with 7 additions and 1 deletions


@ -1,5 +1,7 @@
2017-08-16 Andreas Schwab <schwab@suse.de>
[BZ #16750]
CVE-2009-5064
* elf/ldd.bash.in: Never run file directly.
2017-08-15 H.J. Lu <hongjiu.lu@intel.com>
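Review bot: The [BZ #16750] and CVE-2009-5064 tags are attached to the existing 2017-08-16 entry for elf/ldd.bash.in after the fact, and neither this entry nor the commit message names the commit that actually changed the script. Consider citing that commit in the commit message so that someone tracing the CVE from the ChangeLog can reach the code change without searching by date and file name.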

NEWS

@ -22,7 +22,11 @@ Changes to build and runtime requirements:
Security related changes:
[Add security related changes here]
CVE-2009-5064: The ldd script would sometimes run the program under
examination directly, without preventing code execution through the
dynamic linker. (The glibc project disputes that this is a security
vulnerability; only trusted binaries must be examined using the ldd
script.)
The following bugs are resolved with this release:
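Review bot: The new CVE-2009-5064 paragraph does not mention bug 16750, although the ChangeLog entry pairs the two, so a reader of NEWS has no direct pointer to the bug report. Adding the bug number to the paragraph would fix that. The wording "would sometimes run the program" is also vague about when this happened, and "only trusted binaries must be examined using the ldd script" can be misread as an obligation to examine them; something like "the ldd script must only be used on trusted binaries" states the intended restriction more clearly.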