Update NEWS and ChangeLog for CVE-2017-15671

(cherry picked from commit 914c9994d27b80bc3b71c483e801a4f04e269ba6)
author: Florian Weimer <fweimer@redhat.com> 2017-10-22 09:29:52 +0200
committer: Andreas K. Huettel <dilfridge@gentoo.org> 2017-12-21 20:19:13 +0100
commit: 4d751091d7e614c860b9c6508f99f60fc490d425 (patch)
tree: 02284a448007eb4018a38b8a33134e1fb68755ee
parent: Add single-threaded path to _int_malloc (diff)
download: glibc-4d751091d7e614c860b9c6508f99f60fc490d425.tar.gz
glibc-4d751091d7e614c860b9c6508f99f60fc490d425.tar.bz2
glibc-4d751091d7e614c860b9c6508f99f60fc490d425.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 359465ff3e..037b28cb9b 100644
--- a/NEWS
+++ b/NEWS
@@ -30,6 +30,11 @@ Security related changes:
   on the stack or the heap, depending on the length of the user name).
   Reported by Tim Rühsen.
 
+  CVE-2017-15671: The glob function, when invoked with GLOB_TILDE,
+  would sometimes fail to free memory allocated during ~ operator
+  processing, leading to a memory leak and, potentially, to a denial
+  of service.
+
 The following bugs are resolved with this release:
 
   [16750] ldd: Never run file directly.
author	Florian Weimer <fweimer@redhat.com>	2017-10-22 09:29:52 +0200
committer	Andreas K. Huettel <dilfridge@gentoo.org>	2017-12-21 20:19:13 +0100
commit	4d751091d7e614c860b9c6508f99f60fc490d425 (patch)
tree	02284a448007eb4018a38b8a33134e1fb68755ee
parent	Add single-threaded path to _int_malloc (diff)
download	glibc-4d751091d7e614c860b9c6508f99f60fc490d425.tar.gz glibc-4d751091d7e614c860b9c6508f99f60fc490d425.tar.bz2 glibc-4d751091d7e614c860b9c6508f99f60fc490d425.zip