summaryrefslogtreecommitdiff
path: root/NEWS
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2021-01-29 17:29:57 +0100
committerFlorian Weimer <fweimer@redhat.com>2021-01-29 18:03:24 +0100
commitd7f4f3f5fb1275f0b3d9f4e1b3d9d7b75a5a9e26 (patch)
tree3d2d50dd2648db958fb857ab3cf9d6359d9d6491 /NEWS
parent570bb42376b0885e34454b22baa005090e0e1ea2 (diff)
downloadglibc-d7f4f3f5fb1275f0b3d9f4e1b3d9d7b75a5a9e26.tar.gz
NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)
Diffstat (limited to 'NEWS')
-rw-r--r--NEWS6
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 920fc779d0..013f8ce9b1 100644
--- a/NEWS
+++ b/NEWS
@@ -102,6 +102,12 @@ Changes to build and runtime requirements:
Security related changes:
+ CVE-2021-3326: An assertion failure during conversion from the
+ qISO-20220-JP-3 character set using the iconv function has been fixed.
+ This assertion was triggered by certain valid inputs in which the
+ converted output contains a combined sequence of two wide characters
+ crossing a buffer boundary. Reported by Tavis Ormandy.
+
CVE-2020-27618: An infinite loop has been fixed in the iconv program when
invoked with input containing redundant shift sequences in the IBM1364,
IBM1371, IBM1388, IBM1390, or IBM1399 character sets.