Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-04-03 Thread Salvatore Bonaccorso
Package: eglibc Severity: important Tags: security upstream Hi, the following vulnerability was published for eglibc. CVE-2013-1914[0]: getaddrinfo() stack overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog en

Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-04-05 Thread Salvatore Bonaccorso
Control: tags -1 + patch Hi Only a small update. Upstream commit: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1cef1b19089528db11f221e938f60b9b048945d7 see: http://marc.info/?l=oss-security&m=136515592721172&w=2 Regards, Salvatore

Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-07-03 Thread Raphael Geissert
Control: found -1 2.11.3-1 Hi, The upstream commit referenced above isn't enough for, at least, squeeze's 2.11.3. There's another stack overflow in gaih_inet when calling gethostbyname4_r. 2.17 uses malloc if needed, and git blames the following commit for those changes: http://sourceware.org/gi

Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-07-04 Thread Raphael Geissert
Another update: http://www.openwall.com/lists/oss-security/2013/07/04/8 And attaching the patches mentioned in that email. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net glibc-rh797096-1.patch Description: Binary data glibc-rh947882.patch Description: Binary d

Processed: Re: Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-04-05 Thread Debian Bug Tracking System
Processing control commands: > tags -1 + patch Bug #704623 [eglibc] eglibc: CVE-2013-1914: getaddrinfo() stack overflow Added tag(s) patch. -- 704623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704623 Debian Bug Tracking System

Processed: Re: Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-07-03 Thread Debian Bug Tracking System
Processing control commands: > found -1 2.11.3-1 Bug #704623 {Done: Aurelien Jarno } [eglibc] eglibc: CVE-2013-1914: getaddrinfo() stack overflow There is no source info for the package 'eglibc' at version '2.11.3-1' with architecture '' Unable to make a source version for version '2.11.3-1' Mar