Summary: | BSD libc: strfmon() multiple vulnerabilities (CVE-2008-1391) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christian Hoffmann (RETIRED) <hoffie> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bsd+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://securityreason.com/achievement_securityalert/53 | ||
Whiteboard: | ~ [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Christian Hoffmann (RETIRED)
2008-12-28 10:58:49 UTC
(In reply to comment #0)
> Could someone try the example codes from $URL on Gentoo/BSD (do we track
> security problems here anyway?) and stable Gentoo/Linux?
>

Crash and hangs on Gentoo/FreeBSD. It is fixed upstream on FreeBSD-CURRENT [1]. Patch applied and tested on gentoo-bsd overlay [2].

> well... and Gentoo/FBSD is not considered dead, is it?
>

Gentoo/FBSD is not dead, yet the version currently in portage is (or will be soon) pretty much deprecated (6.2 is way too old and getting 6.x to work with gcc4 was a PITA). Consider this fixed (for BSD) when 7.x hits the tree (which will be soonish).

[1] http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/stdlib/strfmon.c.diff?r2=1.14.12.1&r1=1.19&f=u
[2] http://git.overlays.gentoo.org/gitweb/?p=proj/gentoo-bsd.git;a=commitdiff

(In reply to comment #1)
> Consider this fixed (for BSD) when 7.x hits the tree (which
> will be soonish).
>

7.1 packages are in the tree, so I guess this is fixed. please reopen if I missed something.