diff mbox series

[v2,2/2] NEWS: Add advisories.

Message ID 20240502201423.3413078-2-carlos@redhat.com
State New
Headers show
Series [v2,1/2] Document CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 | expand

Commit Message

Carlos O'Donell May 2, 2024, 8:08 p.m. UTC
GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Avoid null pointer crashes after notfound response
    (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
---
 NEWS | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff mbox series

Patch

diff --git a/NEWS b/NEWS
index cf6078cf20..fbec7ec6f2 100644
--- a/NEWS
+++ b/NEWS
@@ -177,6 +177,25 @@  found in the advisories directory of the release tarball:
   GLIBC-SA-2024-0003:
     syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
 
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Avoid null pointer crashes after notfound response
+    (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird