aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog1
-rw-r--r--NEWS4
2 files changed, 5 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ce14d885b2..f7c9ee51ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1576,6 +1576,7 @@
2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
+ CVE-2019-9169
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index f12524dc62..cdf7b51f6d 100644
--- a/NEWS
+++ b/NEWS
@@ -46,6 +46,10 @@ Security related changes:
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
+
The following bugs are resolved with this release:
[The release manager will add the list generated by
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 14:02:24 +0000