| Summary: | sys-libs/glibc : getaddrinfo() stack overflow | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | major | CC: | tdalman, toolchain |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2013/07/04/12 | ||
| Whiteboard: | A2 [?] | ||
| Package list: | Runtime testing required: | --- | |
I don't understand. Where exactly is the problem ? As far as I can see there is no exploitable bug on Linux (i.e., I have also no crashes with the examples provided in the glibc bug report). As far as I can tell, upstream said that this isn't a vuln. I'm not sure what to do with this. @security: thoughts? |
From ${URL} : In 2011 the problem with alloca() was not defined as a vulnerability. http://sourceware.org/bugzilla/show_bug.cgi?id=12671 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.