Move NEWS entry for CVE-2020-1751 to the 2.31 section

Message ID 87bljwdmle.fsf@oldenburg2.str.redhat.com
State New
Headers show
Series
  • Move NEWS entry for CVE-2020-1751 to the 2.31 section
Related show

Commit Message

Alistair Francis via Libc-alpha July 31, 2020, 10:07 a.m.
It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494
("Fix array overflow in backtrace on PowerPC (bug 25423)"), which
went into glibc 2.31.

---
 NEWS | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Alistair Francis via Libc-alpha July 31, 2020, 10:36 a.m. | #1
On 7/31/20 6:07 AM, Florian Weimer via Libc-alpha wrote:
> It was fixed in commit d93769405996dfc11d216ddbe415946617b5a494

> ("Fix array overflow in backtrace on PowerPC (bug 25423)"), which

> went into glibc 2.31.


OK for 2.32.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>


> ---

>  NEWS | 6 +++---

>  1 file changed, 3 insertions(+), 3 deletions(-)

> 

> diff --git a/NEWS b/NEWS

> index 7fb167e650..85f91b3ecb 100644

> --- a/NEWS

> +++ b/NEWS

> @@ -171,9 +171,6 @@ Security related changes:

>    corruption when they were passed a pseudo-zero argument.  Reported by Guido

>    Vranken / ForAllSecure Mayhem.

>  

> -  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an

> -  out-of-bounds write when executed in a signal frame context.

> -

>    CVE-2020-1752: A use-after-free vulnerability in the glob function when

>    expanding ~user has been fixed.

>  

> @@ -325,6 +322,9 @@ Changes to build and runtime requirements:

>  

>  Security related changes:

>  

> +  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an

> +  out-of-bounds write when executed in a signal frame context.

> +

>    CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC

>    environment variable during program execution after a security

>    transition, allowing local attackers to restrict the possible mapping

> 



-- 
Cheers,
Carlos.

Patch

diff --git a/NEWS b/NEWS
index 7fb167e650..85f91b3ecb 100644
--- a/NEWS
+++ b/NEWS
@@ -171,9 +171,6 @@  Security related changes:
   corruption when they were passed a pseudo-zero argument.  Reported by Guido
   Vranken / ForAllSecure Mayhem.
 
-  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
-  out-of-bounds write when executed in a signal frame context.
-
   CVE-2020-1752: A use-after-free vulnerability in the glob function when
   expanding ~user has been fixed.
 
@@ -325,6 +322,9 @@  Changes to build and runtime requirements:
 
 Security related changes:
 
+  CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
+  out-of-bounds write when executed in a signal frame context.
+
   CVE-2019-19126: ld.so failed to ignore the LD_PREFER_MAP_32BIT_EXEC
   environment variable during program execution after a security
   transition, allowing local attackers to restrict the possible mapping