Update NEWS and ChangeLog for CVE-2017-15671

(cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6)
2025-04-12 14:21:18 +08:00 · 2017-10-22 09:29:52 +02:00 · 2017-10-22 09:29:52 +02:00 · 6f9f307b5d
commit 6f9f307b5d
parent f312f235d5
1 changed files with 5 additions and 0 deletions
--- a/5
+++ b/5
@ -30,6 +30,11 @@ Security related changes:
  on the stack or the heap, depending on the length of the user name).
  Reported by Tim Rühsen.

+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:

  [16750] ldd: Never run file directly.