From 6f9f307b5db6b2eeb7b92f2a75e5ab3e749c3d56 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Sun, 22 Oct 2017 09:29:52 +0200 Subject: [PATCH] Update NEWS and ChangeLog for CVE-2017-15671 (cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6) --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS b/NEWS index 359465ff3e..037b28cb9b 100644 --- a/NEWS +++ b/NEWS @@ -30,6 +30,11 @@ Security related changes: on the stack or the heap, depending on the length of the user name). Reported by Tim Rühsen. + CVE-2017-15671: The glob function, when invoked with GLOB_TILDE, + would sometimes fail to free memory allocated during ~ operator + processing, leading to a memory leak and, potentially, to a denial + of service. + The following bugs are resolved with this release: [16750] ldd: Never run file directly.