Mention CVE-2014-4043 in NEWS

author: Allan McRae <allan@archlinux.org> 2014-06-21 17:23:55 +1000
committer: Allan McRae <allan@archlinux.org> 2014-06-21 17:23:55 +1000
commit: d03efb2f979defd473955a455d66b949961d26b2 (patch)
tree: 09f5eb034a05d2551b8b20baef33d91ec8c7546b /NEWS
parent: dc9a54f800f4785621ebc54d2c26c7b7a6f2e8a1 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 170aed2edb..8d08cd5cd7 100644
--- a/NEWS
+++ b/NEWS
@@ -54,6 +54,12 @@ Version 2.20
   default mutexes are elided via __builtin_tbegin, if the cpu supports
   transactions. By default lock elision is not enabled and the elision code
   is not built.
+
+* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
+  copy the path argument.  This allowed programs to cause posix_spawn to
+  deference a dangling pointer, or use an unexpected pathname argument if
+  the string was modified after the posix_spawn_file_actions_addopen
+  invocation.
 
 Version 2.19
author	Allan McRae <allan@archlinux.org>	2014-06-21 17:23:55 +1000
committer	Allan McRae <allan@archlinux.org>	2014-06-21 17:23:55 +1000
commit	d03efb2f979defd473955a455d66b949961d26b2 (patch)
tree	09f5eb034a05d2551b8b20baef33d91ec8c7546b /NEWS
parent	dc9a54f800f4785621ebc54d2c26c7b7a6f2e8a1 (diff)