diff options
| author | Jeff Law <law@redhat.com> | 2014-12-15 10:09:32 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2014-12-15 10:09:33 +0100 |
| commit | a5357b7ce2a2982c5778435704bcdb55ce3667a0 (patch) | |
| tree | 1292d6cb3f935bf84f07a1acc2fc92409dce1084 /ChangeLog | |
| parent | 3a12c70f137707074209241e6c6172ea25f9ab4a (diff) | |
| download | glibc-a5357b7ce2a2982c5778435704bcdb55ce3667a0.tar glibc-a5357b7ce2a2982c5778435704bcdb55ce3667a0.tar.gz glibc-a5357b7ce2a2982c5778435704bcdb55ce3667a0.tar.bz2 glibc-a5357b7ce2a2982c5778435704bcdb55ce3667a0.zip | |
CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
A larger number of format specifiers coudld cause a stack overflow,
potentially allowing to bypass _FORTIFY_SOURCE format string
protection.
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -1,3 +1,12 @@ +2014-12-15 Jeff Law <law@redhat.com> + + [BZ #16617] + * stdio-common/vfprintf.c (vfprintf): Allocate large specs array + on the heap. (CVE-2012-3406) + * stdio-common/bug23-2.c, stdio-common/bug23-3.c: New file. + * stdio-common/bug23-4.c: New file. Test case by Joseph Myers. + * stdio-common/Makefile (tests): Add bug23-2, bug23-3, bug23-4. + 2014-12-15 Will Newton <will.newton@linaro.org> * manual/install.texi: Bump required version of texinfo |