"The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact."
Fixed in 2.34, not got the commit to hand...
Any news on backport?
(In reply to Sam James from comment #2)
> Any news on backport?
Oh, I see it in the branch now.
Fixed in 2.33-r1 too.
arches please *test* and stabilize sys-libs/glibc-2.33-r1
please make tests only block if they are regressions compared to 2.33(-r0)
currently I get the same three test failures for 2.33 and 2.33-r1:
Added to existing request
This issue was resolved and addressed in GLSA 202107-07 at https://security.gentoo.org/glsa/202107-07 by GLSA coordinator John Helmert III (ajak).
Reopening for stabilization and cleanup
ppc: ping pretty please
(In reply to Andreas K. Hüttel from comment #16)
> ppc: ping pretty please
Yes please, I just got bit by the select(2) timeout bug in 2.33
all arches done
(In reply to Sam James from comment #18)
> ppc done
> all arches done
(In reply to Joakim Tjernlund from comment #20)
> (In reply to Sam James from comment #18)
> > ppc done
> > all arches done
np, thanks for the reminder!
The bug has been referenced in the following commit(s):
Author: Andreas K. Hüttel <email@example.com>
AuthorDate: 2021-10-30 15:42:14 +0000
Commit: Andreas K. Hüttel <firstname.lastname@example.org>
CommitDate: 2021-10-30 15:42:31 +0000
sys-libs/glibc: Remove old
Package-Manager: Portage-3.0.28, Repoman-3.0.3
Signed-off-by: Andreas K. Hüttel <email@example.com>
sys-libs/glibc/Manifest | 2 -
sys-libs/glibc/glibc-2.33-r6.ebuild | 1551 -----------------------------------
sys-libs/glibc/glibc-2.33.ebuild | 1494 ---------------------------------
3 files changed, 3047 deletions(-)
All affected ebuilds are now masked. No further cleanup.