NEWS: Also mention CVE-2015-1473

author: Florian Weimer <fweimer@redhat.com> 2015-02-06 16:28:24 +0100
committer: Florian Weimer <fweimer@redhat.com> 2015-02-06 16:56:53 +0100
commit: 46d54873c379cb1a3acc501587a5bc22c0767b38 (patch)
tree: e7b952aa6eae1e3883124aaccd97d7e77bda21ba
parent: 1c7a4a51a30dd001c81630156458ee55fc2e883c (diff)
download: glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.tar
glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.tar.gz
glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.tar.bz2
glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.zip
1 files changed, 5 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 1f839bce2a..585eda6051 100644
--- a/NEWS
+++ b/NEWS
@@ -27,10 +27,11 @@ Version 2.21
   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
   17892.
 
-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
-  memory for the to-be-scanned arguments and overflow the allocated
-  buffer.  The implementation now correctly computes the required buffer
-  size when using malloc.
+* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
+  too little memory for the to-be-scanned arguments and overflow the
+  allocated buffer.  The implementation now correctly computes the required
+  buffer size when using malloc, and switches to malloc from alloca as
+  intended.
 
 * A new semaphore algorithm has been implemented in generic C code for all
   machines. Previous custom assembly implementations of semaphore were
author	Florian Weimer <fweimer@redhat.com>	2015-02-06 16:28:24 +0100
committer	Florian Weimer <fweimer@redhat.com>	2015-02-06 16:56:53 +0100
commit	46d54873c379cb1a3acc501587a5bc22c0767b38 (patch)
tree	e7b952aa6eae1e3883124aaccd97d7e77bda21ba
parent	1c7a4a51a30dd001c81630156458ee55fc2e883c (diff)
download	glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.tar glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.tar.gz glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.tar.bz2 glibc-46d54873c379cb1a3acc501587a5bc22c0767b38.zip