mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-21 01:12:26 +08:00
NEWS: Document CVE-2023-25139.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
This commit is contained in:
parent
41349f6f67
commit
67c37737ed
7
NEWS
7
NEWS
@ -21,7 +21,12 @@ Changes to build and runtime requirements:
|
||||
|
||||
Security related changes:
|
||||
|
||||
[Add security related changes here]
|
||||
CVE-2023-25139: When the printf family of functions is called with a
|
||||
format specifier that uses an <apostrophe> (enable grouping) and a
|
||||
minimum width specifier, the resulting output could be larger than
|
||||
reasonably expected by a caller that computed a tight bound on the
|
||||
buffer size. The resulting larger than expected output could result
|
||||
in a buffer overflow in the printf family of functions.
|
||||
|
||||
The following bugs are resolved with this release:
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user