On Thu, Jan 31, 2013 at 16:34:24 -0700, Eric Blake wrote: > CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon > that runs a regex search on user input while in a multibyte locale. > I'm not sure how hard it would be to trigger such a setup for > libvirtd, but rather than risk things, we can avoid the issue: > gnulib has worked around the problem, and by updating to the latest > gnulib, we can avoid the bug even on platforms where glibc has yet > to be patched. > > * .gnulib: Update to latest, for various fixes, including regex. > * bootstrap: Resync from upstream.
ACK Jirka -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
