Message ID | 20200730080830.1920521-1-aurelien@aurel32.net |
---|---|
State | New |
Headers | show |
Series | Add NEWS entry for CVE-2016-10228 (bug 19519) | expand |
* Aurelien Jarno: > diff --git a/NEWS b/NEWS > index 1ef4a0a7a47..1625e55cccb 100644 > --- a/NEWS > +++ b/NEWS > @@ -154,6 +154,10 @@ Changes to build and runtime requirements: > > Security related changes: > > + CVE-2016-10228: An infinite loop has been fixed in the iconv program when > + invoked with the -c option and when processing invalid multi-byte input > + sequences. I think this should say “Reported by Jan Engelhardt.” Thanks, Florian
On 2020-07-30 10:52, Florian Weimer wrote: > * Aurelien Jarno: > > > diff --git a/NEWS b/NEWS > > index 1ef4a0a7a47..1625e55cccb 100644 > > --- a/NEWS > > +++ b/NEWS > > @@ -154,6 +154,10 @@ Changes to build and runtime requirements: > > > > Security related changes: > > > > + CVE-2016-10228: An infinite loop has been fixed in the iconv program when > > + invoked with the -c option and when processing invalid multi-byte input > > + sequences. > > I think this should say “Reported by Jan Engelhardt.” > Good point, I have just sent a v2 fixing that. Aurelien
diff --git a/NEWS b/NEWS index 1ef4a0a7a47..1625e55cccb 100644 --- a/NEWS +++ b/NEWS @@ -154,6 +154,10 @@ Changes to build and runtime requirements: Security related changes: + CVE-2016-10228: An infinite loop has been fixed in the iconv program when + invoked with the -c option and when processing invalid multi-byte input + sequences. + CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack corruption when they were passed a pseudo-zero argument. Reported by Guido Vranken / ForAllSecure Mayhem.