Comment 1 SpanKY 2010-06-25 19:47:27 UTC

this is already in glibc-2.11.2 which is already in the tree

Comment 2 Stefan Behte (RETIRED) 2010-06-25 21:36:49 UTC

CVE-2010-0830 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0830):
  Integer signedness error in the elf_get_dynamic_info function in
  elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or libc6)
  2.0.1 through 2.11.1, when the --verify option is used, allows
  user-assisted remote attackers to execute arbitrary code via a
  crafted ELF program with a negative value for a certain d_tag
  structure member in the ELF header.

Comment 3 Stefan Behte (RETIRED) 2010-08-01 12:58:21 UTC

GLSA will be filed together with #285818.

Comment 4 Tobias Heinlein (RETIRED) 2010-11-15 21:34:28 UTC

This is GLSA 201011-01, thanks everyone, and sorry about the delay.

Comment 5 GLSAMaker/CVETool Bot 2011-10-08 14:43:14 UTC

CVE-2011-1071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1071):
  The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
  (EGLIBC) allow context-dependent attackers to execute arbitrary code or
  cause a denial of service (memory consumption) via a long UTF8 string that
  is used in an fnmatch call, aka a "stack extension attack," a related issue
  to CVE-2010-2898, CVE-2010-1917, and CVE-2007-4782, as originally reported
  for use of this library by Google Chrome.

Comment 6 Tobias Heinlein (RETIRED) 2011-10-08 14:46:47 UTC

Sorry about the last comment, wrong bug.