| Summary: | <sys-libs/glibc-2.26.0: xdr_bytes and xdr_string functions buffer deserialization | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | toolchain |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=21461 | | |
| Whiteboard: | A3 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 657148 | | |
| Bug Blocks: | | | |

Description
GLSAMaker/CVETool Bot
2017-05-09 07:35:52 UTC
That code is gone in our glibc-2.26.

Given that 2.26 is not ready for *keywords* yet, stabilization will take some time.

(In reply to Andreas K. Hüttel from comment #2)
> Given that 2.26 is not ready for *keywords* yet, stabilization will take
> some time.

As expected. Backport possible? Thanks, Andreas.

(In reply to Aaron Bauman from comment #3)
> (In reply to Andreas K. Hüttel from comment #2)
> > Given that 2.26 is not ready for *keywords* yet, stabilization will take
> > some time.
>
> As expected. Backport possible? Thanks, Andreas.

Well... the upstream bug has a patch, but it hasn't been accepted into git there yet, so I would prefer to wait. Our 2.26 is only unaffected because we finally drop the obsolete rpc support in glibc.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=02056778ea5961e77a59a7a246b355c1225c7404

commit 02056778ea5961e77a59a7a246b355c1225c7404
Author: Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2017-11-12 12:28:38 +0000
Commit: Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2017-11-12 14:15:28 +0000

    sys-libs/glibc: Re-add keywords to glibc 2.26

    Bug: https://bugs.gentoo.org/492814
    Bug: https://bugs.gentoo.org/622694
    Bug: https://bugs.gentoo.org/617938
    Bug: https://bugs.gentoo.org/466176
    Bug: https://bugs.gentoo.org/628768
    Bug: https://bugs.gentoo.org/637016
    Bug: https://bugs.gentoo.org/636934
    Bug: https://bugs.gentoo.org/381391
    Bug: https://bugs.gentoo.org/636158
    Package-Manager: Portage-2.3.13, Repoman-2.3.4

 sys-libs/glibc/glibc-2.26-r3.ebuild | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

All affected versions are masked. Please proceed.

ping?

@security: ping?

This issue was resolved and addressed in GLSA 201903-09 at https://security.gentoo.org/glsa/201903-09 by GLSA coordinator Aaron Bauman (b-man).