On Tue, Feb 01, 2011 at 09:19:53PM -0500, Michael Gilbert wrote:
> reopen 600667
> thanks
>
> Maybe I'm reading things wrong, or maybe Mitre's information is
> actually incorrect, but it looks like the fixes claimed for
> CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
> It looks like CVE-2010-3847 [1] is still unfixed. The original fix in
> -7 may have been correct to begin with?
>
We have removed the fix in -7 because:
- it has been removed in the new upload to lenny
- it never went upstream. It has been replaced by this commit instead:
  http://sourceware.org/ml/libc-hacker/2010-12/msg00001.html

So I don't think there is any security issue left with the current patch
set.

-- 
Aurelien Jarno GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net