NEWS entry for CVE-2016-3075

author: Florian Weimer <fweimer@redhat.com> 2016-04-29 10:47:40 +0200
committer: Florian Weimer <fweimer@redhat.com> 2016-04-29 10:47:40 +0200
commit: f5b3338d70a7a2c626331ac4589b6deb2f610432 (patch)
tree: 37c8c568424941b9e8bad383fb8dd5476758dc9c
parent: 4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (diff)
download: glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar
glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar.gz
glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar.bz2
glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index aa6209e5a1..24e13aeafa 100644
--- a/NEWS
+++ b/NEWS
@@ -27,6 +27,10 @@ Version 2.24
 
 Security related changes:
 
+* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed.  It
+  could result in a stack overflow when getnetbyname was called with an
+  overly long name.  (CVE-2016-3075)
+
 * Previously, getaddrinfo copied large amounts of address data to the stack,
   even after the fix for CVE-2013-4458 has been applied, potentially
   resulting in a stack overflow.  getaddrinfo now uses a heap allocation
author	Florian Weimer <fweimer@redhat.com>	2016-04-29 10:47:40 +0200
committer	Florian Weimer <fweimer@redhat.com>	2016-04-29 10:47:40 +0200
commit	f5b3338d70a7a2c626331ac4589b6deb2f610432 (patch)
tree	37c8c568424941b9e8bad383fb8dd5476758dc9c
parent	4ab2ab03d4351914ee53248dc5aef4a8c88ff8b9 (diff)
download	glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar.gz glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.tar.bz2 glibc-f5b3338d70a7a2c626331ac4589b6deb2f610432.zip