[v2] Add NEWS entry for CVE-2016-10228 (bug 19519)

Message ID 20200730115152.3545521-1-aurelien@aurel32.net
State New
Headers show
Series
  • [v2] Add NEWS entry for CVE-2016-10228 (bug 19519)
Related show

Commit Message

Aurelien Jarno July 30, 2020, 11:51 a.m.
---
 NEWS | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.27.0

Comments

Vitaly Buka via Libc-alpha Aug. 3, 2020, 6:54 p.m. | #1
On 7/30/20 7:51 AM, Aurelien Jarno wrote:
> ---

>  NEWS | 4 ++++

>  1 file changed, 4 insertions(+)

> 

> diff --git a/NEWS b/NEWS

> index 1ef4a0a7a47..0ce408528f2 100644

> --- a/NEWS

> +++ b/NEWS

> @@ -154,6 +154,10 @@ Changes to build and runtime requirements:

>  

>  Security related changes:

>  

> +  CVE-2016-10228: An infinite loop has been fixed in the iconv program when

> +  invoked with the -c option and when processing invalid multi-byte input

> +  sequences.  Reported by Jan Engelhardt.

> +

>    CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack

>    corruption when they were passed a pseudo-zero argument.  Reported by Guido

>    Vranken / ForAllSecure Mayhem.

> 


OK for 2.32. Please push ASAP.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>


-- 
Cheers,
Carlos.
Aurelien Jarno Aug. 3, 2020, 9:26 p.m. | #2
On 2020-08-03 14:54, Carlos O'Donell wrote:
> On 7/30/20 7:51 AM, Aurelien Jarno wrote:

> > ---

> >  NEWS | 4 ++++

> >  1 file changed, 4 insertions(+)

> > 

> > diff --git a/NEWS b/NEWS

> > index 1ef4a0a7a47..0ce408528f2 100644

> > --- a/NEWS

> > +++ b/NEWS

> > @@ -154,6 +154,10 @@ Changes to build and runtime requirements:

> >  

> >  Security related changes:

> >  

> > +  CVE-2016-10228: An infinite loop has been fixed in the iconv program when

> > +  invoked with the -c option and when processing invalid multi-byte input

> > +  sequences.  Reported by Jan Engelhardt.

> > +

> >    CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack

> >    corruption when they were passed a pseudo-zero argument.  Reported by Guido

> >    Vranken / ForAllSecure Mayhem.

> > 

> 

> OK for 2.32. Please push ASAP.

> 

> Reviewed-by: Carlos O'Donell <carlos@redhat.com>


Thanks for the review, I have just push the changes.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Patch

diff --git a/NEWS b/NEWS
index 1ef4a0a7a47..0ce408528f2 100644
--- a/NEWS
+++ b/NEWS
@@ -154,6 +154,10 @@  Changes to build and runtime requirements:
 
 Security related changes:
 
+  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
+  invoked with the -c option and when processing invalid multi-byte input
+  sequences.  Reported by Jan Engelhardt.
+
   CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.