Source: glibc
Version: 2.19-18
Severity: important
Tags: patch security upstream fixed-upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=22332

Hi,

the following vulnerability was published for glibc.

CVE-2017-15804[0]:
| The glob function in glob.c in the GNU C Library (aka glibc or libc6)
| before 2.27 contains a buffer overflow during unescaping of user names
| with the ~ operator.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-15804
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15804

Please adjust the affected versions in the BTS as needed. Unless I
wrongly triaged the problematic code is in versions all back to 2.19.
But please double-check and correct me if I'm wrong.

Regards,
Salvatore