Skip to content

Commit

Permalink
Add NEWS entry for CVE-2018-11236
Browse files Browse the repository at this point in the history 
(cherry picked from commit 4df8479e6b3baf365bd4eedbba922b73471e5d73)
  • Loading branch information
@fweimer-rh @akhuettel
fweimer-rh authored and akhuettel committed May 25, 2018
1 parent 4814cb7 commit 7978443
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions NEWS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,10 @@ Security related changes:
the value of SIZE_MAX, would return a pointer to a buffer which is too
small, instead of NULL.

CVE-2018-11236: Very long pathname arguments to realpath function could
result in an integer overflow and buffer overflow. Reported by Alexey
Izbyshev.

CVE-2018-11237: The mempcpy implementation for the Intel Xeon Phi
architecture could write beyond the target buffer, resulting in a buffer
overflow. Reported by Andreas Schwab.
Expand Down

0 comments on commit 7978443

Please sign in to comment.