Record CVE-2019-9169 in NEWS and ChangeLog [BZ #24114]

(cherry picked from commit b626c5aa5d)
2019-03-16 22:59:56 +01:00 · 2019-03-16 22:59:56 +01:00 · 54e725e39d
parent 2aee101ff6
commit 54e725e39d
2 changed files with 5 additions and 0 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>

+	CVE-2019-9169
 	regex: fix read overrun [BZ #24114]
 	Problem found by AddressSanitizer, reported by Hongxu Chen in:
 	https://debbugs.gnu.org/34140
--- a/4
+++ b/4
@ -76,6 +76,10 @@ Security related changes:
  CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
  addresses with arbitrary trailing characters, potentially leading to data
  or command injection issues in applications.
+
+  CVE-2019-9169: Attempted case-insensitive regular-expression match
+  via proceed_next_node in posix/regexec.c leads to heap-based buffer
+  over-read.  Reported by Hongxu Chen.

 Version 2.28