Message ID | 20230206153632.2737139-1-carlos@redhat.com
---|---
State | New
Series | NEWS: Document CVE-2023-25139.
On Mon, Feb 6, 2023 at 10:36 AM Carlos O'Donell <carlos@redhat.com> wrote:
> > --- > NEWS | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/NEWS b/NEWS > index b227e72c9c..a7979a9cd3 100644 > --- a/NEWS > +++ b/NEWS > @@ -21,7 +21,12 @@ Changes to build and runtime requirements: > > Security related changes: > > - [Add security related changes here] > + CVE-2023-25139: When the printf family of functions is called with a > + format specifier that uses an <apostrophe> (enable grouping) and a > + minimum width specifier, the resulting output could be larger than > + reasonably expected by a caller that computed a tight bound on the > + buffer size. The resulting larger than expected output could result > + in a buffer overflow in the printf family of functions. >

LGTM.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
On 2/6/23 13:36, Siddhesh Poyarekar wrote:
> On Mon, Feb 6, 2023 at 10:36 AM Carlos O'Donell <carlos@redhat.com> wrote: >> >> --- >> NEWS | 7 ++++++- >> 1 file changed, 6 insertions(+), 1 deletion(-) >> >> diff --git a/NEWS b/NEWS >> index b227e72c9c..a7979a9cd3 100644 >> --- a/NEWS >> +++ b/NEWS >> @@ -21,7 +21,12 @@ Changes to build and runtime requirements: >> >> Security related changes: >> >> - [Add security related changes here] >> + CVE-2023-25139: When the printf family of functions is called with a >> + format specifier that uses an <apostrophe> (enable grouping) and a >> + minimum width specifier, the resulting output could be larger than >> + reasonably expected by a caller that computed a tight bound on the >> + buffer size. The resulting larger than expected output could result >> + in a buffer overflow in the printf family of functions. >> > > LGTM. > > Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> >

Thanks. Pushed. I'm backporting to release/2.37/master right now.
diff --git a/NEWS b/NEWS index b227e72c9c..a7979a9cd3 100644 --- a/NEWS +++ b/NEWS @@ -21,7 +21,12 @@ Changes to build and runtime requirements: Security related changes: - [Add security related changes here] + CVE-2023-25139: When the printf family of functions is called with a + format specifier that uses an <apostrophe> (enable grouping) and a + minimum width specifier, the resulting output could be larger than + reasonably expected by a caller that computed a tight bound on the + buffer size. The resulting larger than expected output could result + in a buffer overflow in the printf family of functions. The following bugs are resolved with this release:
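Review bot: the new CVE-2023-25139 paragraph describes the faulty behaviour ("the resulting output could be larger than reasonably expected ... could result in a buffer overflow") but never says that this release corrects it, and it carries no pointer to the bug report or fixing commit. Consider ending the entry with a sentence stating that the output is now sized correctly in this release and a reference to the bug report (number to be filled in), so a reader scanning NEWS can tell the issue is resolved and where to find the fix.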