NEWS: Move CVE-2021-33574 entry from 2.32 section to 2.32.1

The fix was backported by commit ff75390ef59823193351ae77584c397c503b7b58 ("Use __pthread_attr_copy in mq_notify (bug 27896)") after glibc 2.32 release.
2025-04-12 14:21:18 +08:00 · 2022-10-04 08:00:00 +00:00 · 2022-10-04 08:00:00 +00:00 · 32022774db
commit 32022774db
parent 09c113cf00
1 changed files with 4 additions and 4 deletions
--- a/8
+++ b/8
@ -13,6 +13,10 @@ Security related changes:
  invoked with input containing redundant shift sequences in the IBM1364,
  IBM1371, IBM1388, IBM1390, or IBM1399 character sets.

+  CVE-2021-33574: The mq_notify function has a potential use-after-free
+  issue when using a notification type of SIGEV_THREAD and a thread
+  attribute with a non-default affinity mask.
+
 The following bugs are resolved with this release:

  [20019] NULL pointer dereference in libc.so.6 IFUNC due to uninitialized GOT
@ -258,10 +262,6 @@ Security related changes:
  Dytrych of the Cisco Security Assessment and Penetration Team (See
  TALOS-2020-1019).

-  CVE-2021-33574: The mq_notify function has a potential use-after-free
-  issue when using a notification type of SIGEV_THREAD and a thread
-  attribute with a non-default affinity mask.
-
 The following bugs are resolved with this release:

  [9809] localedata: ckb_IQ: new Kurdish Sorani locale