| Summary: | <sys-libs/glibc-2.17: vfprintf vulnerabilities (CVE-2012-{3404,3405,3406}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=12445 https://sourceware.org/bugzilla/show_bug.cgi?id=13446 | | |
| Whiteboard: | A3 [glsa cleanup] | | |
| Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
2014-02-13 15:04:55 UTC

Fairly certain glibc-2.17 (current stable) already contains these fixes.

If you can confirm we will gladly close this. Thank you.

CVE-2012-3404 & CVE-2012-3405 are def fixed in >=glibc-2.15; however, I'm not seeing CVE-2012-3406. RedHat is still carrying a patch for it.

Added to an existing GLSA request.

Still need cleanup

Same as Bug #488084

> But we need to do something about cleaning up the tree... glibc goes back to version
> 2.10.1-r1 clearly vulnerable.

Maintainer(s), please drop the vulnerable version(s).

This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F).