Bug#615120: eglibc: alloca memory corruption
On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote: package: eglibc version: 2.11.2-10 severity: grave tag: security A memory corruption issue has been disclosed for eglibc [0]. I've checked, and lenny (glibc), squeeze, and sid are affected by the poc. experimental is not. According to the report, this permits arbitrary code execution. Do you have a CVE number that we can use in the changelog? -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurel...@aurel32.net http://www.aurel32.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#615120: eglibc: alloca memory corruption
On Sat, 26 Feb 2011 11:29:06 +0100 Aurelien Jarno wrote: On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote: package: eglibc version: 2.11.2-10 severity: grave tag: security A memory corruption issue has been disclosed for eglibc [0]. I've checked, and lenny (glibc), squeeze, and sid are affected by the poc. experimental is not. According to the report, this permits arbitrary code execution. Do you have a CVE number that we can use in the changelog? No, there hasn't been one assigned yet. Mike -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#615120: eglibc: alloca memory corruption
package: eglibc version: 2.11.2-10 severity: grave tag: security A memory corruption issue has been disclosed for eglibc [0]. I've checked, and lenny (glibc), squeeze, and sid are affected by the poc. experimental is not. According to the report, this permits arbitrary code execution. [0] http://seclists.org/fulldisclosure/2011/Feb/635 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org