aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAurelien Jarno <aurelien@aurel32.net>2019-03-16 22:59:56 +0100
committerAurelien Jarno <aurelien@aurel32.net>2019-03-16 23:34:23 +0100
commit54e725e39d0190227b9bf975a7c3f80e8a81365a (patch)
tree51ccc2f355aba8285e4b411b6dd1b4eaaddfd484
parent2aee101ff6075dd97a99982a1ba29e21ec25c52f (diff)
downloadglibc-54e725e39d0190227b9bf975a7c3f80e8a81365a.tar
glibc-54e725e39d0190227b9bf975a7c3f80e8a81365a.tar.gz
glibc-54e725e39d0190227b9bf975a7c3f80e8a81365a.tar.bz2
glibc-54e725e39d0190227b9bf975a7c3f80e8a81365a.zip
Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]
(cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8)
Diffstat
-rw-r--r--ChangeLog1
-rw-r--r--NEWS4
2 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 0ef60fa5ac..5667d9262b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
+ CVE-2019-9169
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index 11d9af739c..f4981a16f0 100644
--- a/NEWS
+++ b/NEWS
@@ -76,6 +76,10 @@ Security related changes:
CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
addresses with arbitrary trailing characters, potentially leading to data
or command injection issues in applications.
+
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
Version 2.28
generated by cgit v1.2.3-70-g09d2 (git 2.50.0) at 2025-08-09 21:35:07 +0000