Summary: | <sys-libs/glibc-2.22: data corruption while reading the NSS files database (CVE-2015-5277) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1262914 | ||
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1262914 | ||
Whiteboard: | A4 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-09-15 09:58:44 UTC
this is in the glibc 2.22 ebuild already and will be in 2.22-r1 when unmasked @toolchain, I doubt this can be cleaned up, but as usual will check with the project. Can it? Thanks. cleanup of glibc/binutils/gcc packages should be left to the toolchain team. it's not the same as other packages. (In reply to SpanKY from comment #3) > cleanup of glibc/binutils/gcc packages should be left to the toolchain team. > it's not the same as other packages. Yes, that was the intent of the comment. Asking if the toolchain team can cleanup the vulnerable ebuilds. This issue was resolved and addressed in GLSA 201702-11 at https://security.gentoo.org/glsa/201702-11 by GLSA coordinator Thomas Deutschmann (whissi). This issue was resolved and addressed in GLSA 201702-11 at https://security.gentoo.org/glsa/201702-11 by GLSA coordinator Thomas Deutschmann (whissi). |