NEWS entry for CVE-2016-3075

2016-04-29 10:47:40 +02:00 · 2016-04-29 10:47:40 +02:00 · f5b3338d70
parent 4ab2ab03d4
commit f5b3338d70
1 changed files with 4 additions and 0 deletions
--- a/4
+++ b/4
@ -27,6 +27,10 @@ Version 2.24

 Security related changes:

+* An unnecessary stack copy in _nss_dns_getnetbyname_r was removed.  It
+  could result in a stack overflow when getnetbyname was called with an
+  overly long name.  (CVE-2016-3075)
+
 * Previously, getaddrinfo copied large amounts of address data to the stack,
  even after the fix for CVE-2013-4458 has been applied, potentially
  resulting in a stack overflow.  getaddrinfo now uses a heap allocation