mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-08 14:20:07 +00:00
NEWS: insert advisories and fixed bugs for 2.39
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
This commit is contained in:
parent
cc1b91eabd
commit
62150d038d
137
NEWS
137
NEWS
@ -109,13 +109,142 @@ Security related changes:
|
||||
The following CVEs were fixed in this release, details of which can be
|
||||
found in the advisories directory of the release tarball:
|
||||
|
||||
[The release manager will add the list generated by
|
||||
scripts/process-fixed-cves.sh just before the release.]
|
||||
GLIBC-SA-2023-0002:
|
||||
getaddrinfo: Stack read overflow in no-aaaa mode (CVE-2023-4527)
|
||||
|
||||
GLIBC-SA-2023-0003:
|
||||
getaddrinfo: Potential use-after-free (CVE-2023-4806)
|
||||
|
||||
GLIBC-SA-2023-0004:
|
||||
tunables: local privilege escalation through buffer overflow
|
||||
(CVE-2023-4911)
|
||||
|
||||
GLIBC-SA-2024-0001:
|
||||
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
|
||||
|
||||
GLIBC-SA-2024-0002:
|
||||
syslog: Heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
|
||||
|
||||
GLIBC-SA-2024-0003:
|
||||
syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
|
||||
|
||||
The following bugs are resolved with this release:
|
||||
|
||||
[The release manager will add the list generated by
|
||||
scripts/list-fixed-bugs.py just before the release.]
|
||||
[14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
|
||||
[19305] libc: qsort() should return early if (nmemb <= 1)
|
||||
[19479] localedata: gbm_IN: new Garhwali Locale
|
||||
[19924] dynamic-link: TLS performance degradation after dlopen
|
||||
[19956] localedata: ssy_ER: rename from aa_ER@saaho
|
||||
[21719] libc: stdlib/msort : optimizing merge sort
|
||||
[22526] localedata: th_TH LC_COLLATE does not use copy "iso14651_t1"
|
||||
[23012] localedata: el_GR: Greece now uses the 24h format for time
|
||||
[23172] localedata: miq_NI: Provide actually abbreviated month names
|
||||
[24006] localedata: Cyclic dependencies via copy in locales
|
||||
[24013] localedata: am_pm definitions for es_ES
|
||||
[24386] localedata: crh_RU: new locale
|
||||
[24877] localedata: [Redundant Data] Remove redundant data between
|
||||
en_NZ and en_AU
|
||||
[25868] localedata: Incorrect trailing spaces in weekday names for
|
||||
nn_NO
|
||||
[26752] localedata: Please add the new locale zgh_MA
|
||||
[27069] dynamic-link: Need a way to tell if a tunable is set by user
|
||||
[27163] localedata: Error on test glk_IR with localedef
|
||||
[27312] localedata: su_ID: new Sundanese locale
|
||||
[27547] manual: "Summary of malloc-Related Functions" shows wrong
|
||||
argument order for `aligned_alloc` and `memalign`
|
||||
[27574] libc: glibc should probably not define __WORDSIZE=64 for
|
||||
__sparcv9
|
||||
[27601] localedata: License information update in
|
||||
localedata/locales/ast_ES
|
||||
[28558] localedata: it_IT LC_MONETARY outdated p_cs_precedes and
|
||||
n_cs_precedes
|
||||
[28787] localedata: Add information for Occitan
|
||||
[29039] dynamic-link: Corrupt DTV after reuse of a TLS module ID
|
||||
following dlclose with unused TLS
|
||||
[29486] localedata: New Zealand locales (en_NZ & mi_NZ) first day of
|
||||
week should be Monday
|
||||
[29504] localedata: Incorrect/misleading Time Format For ms_MY (AM/PM)
|
||||
[29506] localedata: UTF-8 HANGUL SYLLABLE bugs
|
||||
[30349] libc: Support returning a pidfd from posix_spawn()
|
||||
[30412] localedata: d_t_fmt in id_ID uses %r placeholder but am_pm and
|
||||
t_fmt_ampm are undefined
|
||||
[30605] localedata: New locale for Komi language
|
||||
[30649] localedata: [PATCH] Add transliteration of common emojis to
|
||||
smileys
|
||||
[30694] locale: The iconv program no longer tells the user which given
|
||||
encoding name was wrong
|
||||
[30709] nscd: nscd fails to build with cleanup handler if built with
|
||||
-fexceptions
|
||||
[30737] libc: fdopendir() is not robust - returns bogus DIR* instead
|
||||
of flagging an error
|
||||
[30740] build: [m68k] undefined reference to
|
||||
`_wordcopy_fwd_dest_aligned'
|
||||
[30745] libc: Slight bug in cache info codes for x86
|
||||
[30750] network: Unaligned accesses in resolver
|
||||
[30773] math: [m68k] busybox awk is broken (lshift.S related)
|
||||
[30789] libc: [2.38 Regression] sem_open will fail on multithreaded
|
||||
scenarios when semaphore file doesn't exist (O_CREAT)
|
||||
[30800] nscd: Improper assert in prune_cache triggers if clock jumps
|
||||
backwards
|
||||
[30804] libc: F_GETLK, F_SETLK, and F_SETLKW value change for
|
||||
powerpc64 with -D_FILE_OFFSET_BITS=64
|
||||
[30842] network: Stack read overflow in getaddrinfo in no-aaaa mode
|
||||
(CVE-2023-4527)
|
||||
[30843] network: potential use-after-free in getcanonname
|
||||
(CVE-2023-4806)
|
||||
[30854] localedata: Update locale data to Unicode 15.1.0
|
||||
[30884] network: Memory leak in getaddrinfo after fix for bug 30843
|
||||
(CVE-2023-5156)
|
||||
[30932] libc: Fortify Source has false-positives when too many files
|
||||
are open
|
||||
[30945] malloc: Core affinity setting incurs lock contentions between
|
||||
threads
|
||||
[30960] math: signed integer overflow in
|
||||
glibc/sysdeps/s390/fpu/feenablxcpt.c
|
||||
[30964] locale: Number grouping check mishandles multibyte thousands
|
||||
separator
|
||||
[30981] dynamic-link: dlclose does not properly implement force-first
|
||||
handling
|
||||
[30988] math: fesetexcept raises floating-point exception traps on
|
||||
ppc, ppc64, ppc64le
|
||||
[30989] math: fesetexcept raises floating-point exception traps on
|
||||
i386
|
||||
[30990] libc: fesetexceptflag raises floating-point exception traps on
|
||||
i386, x86_64
|
||||
[30998] math: fesetexceptflag clears too many floating-point exception
|
||||
flags on alpha
|
||||
[31019] manual: The documentation of feenableexcept is incomplete
|
||||
[31022] math: feupdateenv (FE_DFL_ENV) crashes on riscv
|
||||
[31035] libc: Library search path terminates on relative non-directory
|
||||
name
|
||||
[31042] libc: [s390x] .init and .fini padding
|
||||
[31068] libc: sysdeps: sparc: invalid data access in memset due to
|
||||
regression
|
||||
[31078] manual: Code example in "Noncanonical Mode Example" has unused
|
||||
'char *name;'
|
||||
[31086] localedata: Errors in Tibetan, Dzongkha data
|
||||
[31113] string: Wrong unwind information for rawmemchr on aarch64
|
||||
[31151] libc: [RISC-V] missing support for profile/audit PLT setup
|
||||
[31163] nss: getaddrinfo returns EAI_NONAME in oom situation
|
||||
[31183] stdio: Wide stream buffer size reduced MB_LEN_MAX bytes after
|
||||
bug 17522 fix
|
||||
[31184] dynamic-link: FAIL: elf/tst-tlsgap
|
||||
[31185] dynamic-link: Incorrect thread point access in
|
||||
_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic
|
||||
[31187] dynamic-link: Some CET tests fail with GCC 14
|
||||
[31204] localedata: Fix decimal point and thousands separator for
|
||||
uz_UZ
|
||||
[31205] localedata: Inconsistent (mon_)grouping formats
|
||||
[31218] dynamic-link: PLT rewrite overflows large displacement on x32
|
||||
[31221] localedata: Add localedata for ISO code "tok" (Toki Pona)
|
||||
[31230] dynamic-link: PLT rewrite failed without SELinux
|
||||
[31239] localedata: anp_IN locale: abbreviated month names are the
|
||||
same as the full month names
|
||||
[31244] nptl: pthread_cancel hangs on sparc32
|
||||
[31257] localedata: Sync with CLDR: “Turkey” -> “Türkiye”
|
||||
[31266] string: sparc: string/tst-memmove-overflow fails on 32-bit
|
||||
sparcv9
|
||||
[31276] libc: Wrong condition for heap allocation in qsort_r
|
||||
|
||||
Version 2.38
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user