NEWS entry for CVE-2016-3075

This commit is contained in:
Florian Weimer 2016-04-29 10:47:40 +02:00
parent 4ab2ab03d4
commit f5b3338d70

4
NEWS
View File

@ -27,6 +27,10 @@ Version 2.24
Security related changes:
* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed. It
could result in a stack overflow when getnetbyname was called with an
overly long name. (CVE-2016-3075)
* Previously, getaddrinfo copied large amounts of address data to the stack,
even after the fix for CVE-2013-4458 has been applied, potentially
resulting in a stack overflow. getaddrinfo now uses a heap allocation