From 198632a05f6c7b9ab67d3331d8caace9ceabb685 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20K=2E=20H=C3=BCttel?= Date: Sat, 15 Jun 2024 15:22:20 +0200 Subject: [PATCH] NEWS: update list of fixed CVEs in 2.39 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andreas K. Hüttel --- NEWS | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/NEWS b/NEWS index eba57af12f..06faac3b1f 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,26 @@ Version 2.39.1 Security related changes: +The following CVEs were fixed in this release: + + GLIBC-SA-2024-0004: + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape + sequence (CVE-2024-2961) + + GLIBC-SA-2024-0005: + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) + + GLIBC-SA-2024-0006: + nscd: Null pointer crash after notfound response (CVE-2024-33600) + + GLIBC-SA-2024-0007: + nscd: netgroup cache may terminate daemon on memory allocation + failure (CVE-2024-33601) + + GLIBC-SA-2024-0008: + nscd: netgroup cache assumes NSS callback uses in-buffer strings + (CVE-2024-33602) + The following bugs are resolved with this release: [19622] network: Support aliasing with struct sockaddr