* [PATCH COMMITTED] Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]
@ 2019-03-16 22:24 Aurelien Jarno
0 siblings, 0 replies; only message in thread
From: Aurelien Jarno @ 2019-03-16 22:24 UTC (permalink / raw)
To: libc-alpha; +Cc: Aurelien Jarno
---
ChangeLog | 1 +
NEWS | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index ce14d885b26..f7c9ee51adf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1576,6 +1576,7 @@
2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
+ CVE-2019-9169
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index f12524dc624..cdf7b51f6d2 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,10 @@ Security related changes:
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by
--
2.20.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2019-03-16 22:24 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-03-16 22:24 [PATCH COMMITTED] Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114] Aurelien Jarno
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).