Steve Langasek wrote:
> So if there's no evidence of arbitrary code execution, I think it's
> appropriate here to downgrade the bug -- but the security team should also
> be apprised.

glibc 2.3.4 introduced more secure heap management, which renders several
code injection attacks moot (most notably double frees).
The message that was posted in the bug report appears to trigger such a
sanity check. 
But it might be possible that smarter attacks might circumvent the glibc checks
in the future, so we should err on the safe side and apply Romain's patch.

Cheers,
        Moritz




