CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]

These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
author: Florian Weimer <fweimer@redhat.com> 2014-09-03 19:45:43 +0200
committer: Florian Weimer <fweimer@redhat.com> 2014-09-03 19:46:42 +0200
commit: 41488498b6d9440ee66ab033808cce8323bba7ac (patch)
tree: c71261df9fe5e8fbd7193181e7a1ca8160cfa6bb /NEWS
parent: a78b712d405b55405b425e9b1453745615483003 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 1af9e706dc..17b75825fa 100644
--- a/NEWS
+++ b/NEWS
@@ -23,7 +23,7 @@ Version 2.20
   16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031,
   17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079,
   17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153,
-  17187, 17213, 17259, 17261, 17262, 17263, 17319.
+  17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325.
 
 * Reverted change of ABI data structures for s390 and s390x:
   On s390 and s390x the size of struct ucontext and jmp_buf was increased in
@@ -115,6 +115,11 @@ Version 2.20
   normal gconv conversion modules are still supported.  Transliteration
   with //TRANSLIT is still possible, and the //IGNORE specifier
   continues to be  supported. (CVE-2014-5119)
+
+* Decoding a crafted input sequence in the character sets IBM933, IBM935,
+  IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
+  resulting a denial-of-service security vulnerability in applications which
+  use functions related to iconv. (CVE-2014-6040)
 
 Version 2.19
author	Florian Weimer <fweimer@redhat.com>	2014-09-03 19:45:43 +0200
committer	Florian Weimer <fweimer@redhat.com>	2014-09-03 19:46:42 +0200
commit	41488498b6d9440ee66ab033808cce8323bba7ac (patch)
tree	c71261df9fe5e8fbd7193181e7a1ca8160cfa6bb /NEWS
parent	a78b712d405b55405b425e9b1453745615483003 (diff)