Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 9
1 files changed, 8 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index c39157da61..4b2d5ca6d6 100644
--- a/NEWS
+++ b/NEWS
@@ -21,7 +21,14 @@ Version 2.18
15395, 15405, 15406, 15409, 15416, 15418, 15419, 15423, 15424, 15426,
15429, 15431, 15432, 15441, 15442, 15448, 15465, 15480, 15485, 15488,
15490, 15492, 15493, 15497, 15506, 15529, 15536, 15553, 15577, 15583,
- 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711.
+ 15618, 15627, 15631, 15654, 15655, 15666, 15667, 15674, 15711, 15755.
+
+* CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal
+ has been fixed by disabling the use of pt_chown (Bugzilla #15755).
+ Distributions can re-enable building and using pt_chown via the new configure
+ option `--enable-pt_chown'. Enabling the use of pt_chown carries with it
+ considerable security risks and should only be used if the distribution
+ understands and accepts the risks.
* CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
#15078).
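Review bot: The new CVE-2013-2207 entry tells distributions that `--enable-pt_chown' "carries with it considerable security risks" but never says what the risk is or where it is documented, so a packager reading only NEWS cannot judge whether re-enabling it is acceptable. Consider adding one sentence naming the exposure (the entry's own first line already has it: pt_chown can grant access to another user's pseudo-terminal) and pointing at the install documentation for the option. It would also help to state explicitly that pt_chown is no longer built or used by default, since "disabling the use of pt_chown" leaves it unclear whether the helper is still installed.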