Bug 494444 - sys-libs/glibc-2.17 - multiple vulnerabilities?
Status: RESOLVED DUPLICATE of bug 484646
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Reported: 2013-12-16 13:16 UTC by Ulenrich
Modified: 2014-01-04 15:08 UTC

Attachments
glibc-2.17-CVE-Debian-2013-autumn.patch (glibc-2.17-CVE-debian.patch, 28.19 KB, patch)
2013-12-16 13:17 UTC, Ulenrich
Description Ulenrich 2013-12-16 13:16:37 UTC
Reading the Changelogs when updating my Debian-sid, 
I found these eglibc patches 
which are applicable to Gentoo glibc-2.17 just fine:

CVE-2013-4332-memalign.diff.patch
CVE-2013-4332-pvalloc.diff.patch
CVE-2013-4332-valloc.diff.patch
CVE-2013-4237.diff.patch
CVE-2013-4788-static-ptrguard.diff.patch
CVE-2013-4788-static-ptrguard-arm.diff.patch
CVE-2013-4237-alignment.diff.patch
NonCVE-findlocale-div-by-zero.diff.patch

My Gentoo ~unstable runs well with these patches.
Is it Gentoo policy to provide security support only for the stable glibc-2.16?


Reproducible: Always
Comment 1 Ulenrich 2013-12-16 13:17:46 UTC
Created attachment 365468
glibc-2.17-CVE-Debian-2013-autumn.patch
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2013-12-16 13:21:18 UTC

*** This bug has been marked as a duplicate of bug 484646 ***
Comment 3 Agostino Sarubbo gentoo-dev 2013-12-16 14:00:46 UTC
All the CVEs you listed are filed separately as bugs.
Comment 4 Ulenrich 2013-12-16 14:40:14 UTC
@Agostino 
Is the portage GLSA checker able to automatically examine what upstream git commit to use as an epatch_user patch applicable to my special glibc-2.17 version? The Gentoo CVE bugs you mention do not specify any glibc version. How do I get this bug information out of the bugtracker into my portage tree?