Add ChangeLog reference to bug 16750/CVE-2009-5064

2024-11-08 14:20:07 +00:00 · 2017-08-16 16:47:20 +02:00 · 2017-08-16 16:47:20 +02:00 · 403143e1df
commit 403143e1df
parent eedca9772e
2 changed files with 7 additions and 1 deletions
--- a/2
+++ b/2
@ -1,5 +1,7 @@
 2017-08-16  Andreas Schwab  <schwab@suse.de>

+	[BZ #16750]
+	CVE-2009-5064
 	* elf/ldd.bash.in: Never run file directly.

 2017-08-15  H.J. Lu  <hongjiu.lu@intel.com>
--- a/6
+++ b/6
@ -22,7 +22,11 @@ Changes to build and runtime requirements:

 Security related changes:

-  [Add security related changes here]
+  CVE-2009-5064: The ldd script would sometimes run the program under
+  examination directly, without preventing code execution through the
+  dynamic linker.  (The glibc project disputes that this is a security
+  vulnerability; only trusted binaries must be examined using the ldd
+  script.)

 The following bugs are resolved with this release: