Summary: | <sys-libs/glibc-2.23-r3: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect NAME_MAX limit assumption | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Wendler (Polynomial-C) (RETIRED) <polynomial-c> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | toolchain |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=19779 | ||
See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=19779 | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | =sys-libs/glibc-2.23-r3 | ||
Runtime testing required: | --- |
Bug Depends on: | 604808 | ||
Bug Blocks: |
Description
Lars Wendler (Polynomial-C) (RETIRED)
2016-03-07 21:21:19 UTC
Unless I'm missing something the whiteboard is just upstream.

should be fixed in glibc-2.23-r3. will need some time to bake in ~arch.

@ Maintainer(s): One month later, can we now stabilize =sys-libs/glibc-2.23-r3?

i don't think we need to rush this. wait until the end of Dec and it should be fine if there are no new issues.

@ Arches, please test and mark stable: =sys-libs/glibc-2.23-r3

amd64 stable

Stable on alpha.

Stable for HPPA.

Stable for PPC64.

arm stable

ia64 stable

ppc stable

x86 stable

This issue was resolved and addressed in GLSA 201702-11 at https://security.gentoo.org/glsa/201702-11 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining arch.

Setting back to stable - sparc please complete stabilization (A2 = 5 Day Stabilization - Start Date: 2017-01-02

sparc is done now

@ Maintainer(s): Please cleanup and drop <sys-libs/glibc-2.23-r3 or remove keywords/apply masks to indicate a security problem.

commit aa57c4a8ee21fa208a21388c1291260c1dd8c389
Author: Matthias Maier <tamiko@gentoo.org>
Date: Thu Jun 8 11:20:38 2017 -0500

    profiles: Mask all glibc versions older than 2.23

Repository is clean, all done.