Message ID | 20200304213604.97558-1-aurelien@aurel32.net |
---|---|
State | New |
Series | Add NEWS entry for CVE-2020-10029 (bug 25487) |
* Aurelien Jarno:

> From what I understand, part of the NEWS file is filled automatically
> just before releases, but it's not the case for the security related
> changes. In any case we need to provide one when backporting the patch
> to other branches, so here is a proposal below.

Yes, thanks for doing that. I didn't get around to it yesterday.

> diff --git a/NEWS b/NEWS > index 77631ca7071..4623984d36d 100644 > --- a/NEWS > +++ b/NEWS > @@ -21,7 +21,9 @@ Changes to build and runtime requirements: > > Security related changes: > > - [Add security related changes here] > + CVE-2020-10029: The sinl function on x86 targets suffered from stack > + corruption when it was passed a pseudo-zero argument. Reported by > + Guido Vranken.

As far as I know, this is not restricted to sinl, any function which performs range reduction is affected.

Guido should comment on the attribution. I strongly prefer crediting people, not organizations, but other glibc developers do not share my reservations in this area.

Thanks,
Florian
diff --git a/NEWS b/NEWS index 77631ca7071..4623984d36d 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,9 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2020-10029: The sinl function on x86 targets suffered from stack + corruption when it was passed a pseudo-zero argument. Reported by + Guido Vranken. The following bugs are resolved with this release:
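Review bot: the first added line scopes the issue to "The sinl function", but the reply in this thread states that any function which performs range reduction is affected, so the entry as worded may lead readers to underestimate which callers need the fix. Consider wording the subject so that it does not single out sinl. The series title ties this change to bug 25487, yet the added text does not mention the bug number; including it would let readers of NEWS locate the fix when backporting. The "Reported by" line should be confirmed by the reporter before this is committed, as the reply asks.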