On Sat, Feb 05, 2011 at 02:20:14PM -0500, Michael Gilbert wrote:
> Note that a new CVE id (CVE-2011-0536) has been assigned for a
> vulnerability introduced by the patches for cve-2010-3847 [0]. It
> sounds like this affects the recent DSAs. Please take a look at the
> code and figure out what nee
On Tue, Feb 01, 2011 at 09:19:53PM -0500, Michael Gilbert wrote:
> reopen 600667
> thanks
>
> Maybe I'm reading things wrong, or maybe Mitre's information is
> actually incorrect, but it looks like the fixes claimed for
> CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
> It l
Note that a new CVE id (CVE-2011-0536) has been assigned for a
vulnerability introduced by the patches for cve-2010-3847 [0]. It
sounds like this affects the recent DSAs. Please take a look at the
code and figure out what needs to be done to resolve these three
issues: CVE-2010-3847, CVE-2010-3856
Processing commands for cont...@bugs.debian.org:
> user release.debian@packages.debian.org
Setting user to release.debian@packages.debian.org (was
jcris...@debian.org).
> usertag 600667 squeeze-can-defer
Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid
library s
user release.debian@packages.debian.org
usertag 600667 squeeze-can-defer
tag 600667 squeeze-ignore
kthxbye
On Tue, Feb 1, 2011 at 21:19:53 -0500, Michael Gilbert wrote:
> reopen 600667
> thanks
>
> Maybe I'm reading things wrong, or maybe Mitre's information is
> actually incorrect, but it
reopen 600667
thanks
Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
It looks like CVE-2010-3847 [1] is still unfixed. The original fix in
-7 may have
6 matches
Mail list logo