void-packages/srcpkgs/glibc/patches/glibc-upstream-09.patch

39 lines
1.1 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From 10dd17da710fd32aaf1f2187544d80064b8c4ee0 Mon Sep 17 00:00:00 2001
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat, 16 Mar 2019 22:59:56 +0100
Subject: [PATCH 09] Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]
(cherry picked from commit b626c5aa5d0673a9caa48fb79fba8bda237e6fa8)
---
ChangeLog | 1 +
NEWS | 4 ++++
2 files changed, 5 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index fb88626efe..80413dd560 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
+ CVE-2019-9169
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
diff --git a/NEWS b/NEWS
index 340e06d0f4..271bf7a2cd 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,10 @@ Security related changes:
memcmp gave the wrong result since it treated the size argument as
zero. Reported by H.J. Lu.
+ CVE-2019-9169: Attempted case-insensitive regular-expression match
+ via proceed_next_node in posix/regexec.c leads to heap-based buffer
+ over-read. Reported by Hongxu Chen.
+
Version 2.29