Add NEWS entry for CVE-2020-6096 (bug 25620)

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 17400c4bcd57d84add1da3aa93248ef2efdb0ccb)
Aurelien Jarno 2020-07-12 21:58:43 +02:00 committed by Dmitry V. Levin
parent b29853702e
commit daf88b1dd1

NEWS

@ -76,6 +76,11 @@ Security related changes:
CVE-2020-1752: A use-after-free vulnerability in the glob function when
expanding ~user has been fixed.
CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
memmove functions has been fixed. Discovered by Jason Royes and Samual
Dytrych of the Cisco Security Assessment and Penetration Team (See
TALOS-2020-1019).
The following bugs are resolved with this release:
[6889] 'PWD' mentioned but not specified
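Review bot: In the credit sentence of the new CVE-2020-6096 entry, "Samual" looks like a misspelling of "Samuel"; please confirm the discoverer's name against TALOS-2020-1019 before merging. In the same sentence, "(See TALOS-2020-1019)" sits mid-sentence, so a lowercase "see" would match normal punctuation.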
@ -159,6 +164,7 @@ The following bugs are resolved with this release:
[25232] No const correctness for strchr et al. for Clang++
[25414] 'glob' use-after-free bug (CVE-2020-1752)
[25423] Array overflow in backtrace on powerpc
[25620] libc: Signed comparison vulnerability in the ARMv7 memcpy() (CVE-2020-6096)
Version 2.27
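Review bot: The [25620] line names only memcpy(), while the security entry added earlier in this patch says the ARMv7 memcpy and memmove functions were both fixed. If the bug title is being copied verbatim that is fine; otherwise mention memmove here too, so that a reader searching the resolved-bugs list for memmove finds CVE-2020-6096.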