Bug 33383

Summary:	glibc vulnerabilities
Product:	Gentoo Security	Reporter:	Carsten Lohrke (RETIRED) <carlo>
Component:	GLSA Errors	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	critical	CC:	azarah, gcc-porting
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	glibc-2.2.5-getgrouplist.patch glibc-2.3.1-getgrouplist.patch glibc-ftw.patch

Description Carsten Lohrke (RETIRED) gentoo-dev

2003-11-13 03:45:36 UTC

https://rhn.redhat.com/errata/RHSA-2003-325.html

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

Comment 1 SpanKY gentoo-dev

2003-11-13 10:07:05 UTC

Created attachment 20704 [details, diff]
glibc-2.2.5-getgrouplist.patch

patch extracted from 2.2.5 redhat src rpm (glibc-2.2.5-44.src.rpm)

Comment 2 SpanKY gentoo-dev

2003-11-13 10:10:37 UTC

Created attachment 20706 [details, diff]
glibc-2.3.1-getgrouplist.patch

patch extracted from the glibc-2.3.2-27.9.6.src.rpm

Comment 3 SpanKY gentoo-dev

2003-11-13 10:15:12 UTC

the 2.3.1 patch also needs to be applied to all of the glibc-2.3.2-rX ebuilds ... perhaps now would be a good time to clean out all that cruft and unify the KEYWORDS again ?

Comment 4 Martin Schlemmer (RETIRED) gentoo-dev

2003-11-14 14:36:11 UTC

Created attachment 20751 [details, diff]
glibc-ftw.patch

Should add this to 2.3.2 as well, as it fixes a memory leak.

Comment 5 Martin Schlemmer (RETIRED) gentoo-dev

2003-11-16 11:48:23 UTC

Ok, added to the tree (seems like unstable have had the fix for a while,
but was back then not a security fix).  Anybody up for a GLSA ?

Comment 6 Andrea Barisani (RETIRED) gentoo-dev

2003-11-24 10:25:56 UTC

GLSA sent, I'm closing it.