From 89e435f3559c53084498e9baad22172b64429362 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 11 Jun 2014 23:12:52 +0200
Subject: posix_spawn_file_actions_addopen needs to copy the path argument (BZ
 17048)

POSIX requires that we make a copy, so we allocate a new string
and free it in posix_spawn_file_actions_destroy.

Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz.  This bug
may have security implications.
---
 NEWS | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index ca3ef633b0..655226d5d5 100644
--- a/NEWS
+++ b/NEWS
@@ -19,7 +19,7 @@ Version 2.20
   16791, 16796, 16799, 16800, 16815, 16823, 16824, 16831, 16838, 16849,
   16854, 16876, 16877, 16878, 16882, 16885, 16888, 16890, 16912, 16915,
   16916, 16917, 16922, 16927, 16928, 16932, 16943, 16958, 16965, 16966,
-  16967, 16977, 16978, 16984, 16990, 17009, 17042.
+  16967, 16977, 16978, 16984, 16990, 17009, 17042, 17048.
 
 * The minimum Linux kernel version that this version of the GNU C Library
   can be used with is 2.6.32.
-- 
cgit v1.2.3