control: forcemerge 779587 808819

On 2015-12-23 12:14, Aeschbacher, Fabrice wrote:
> Source: glibc
> Version: 2.19-18+deb8u1
> Severity: important
> Tags: patch security
>
> Dear Maintainer,
>
> GNU C Library (glibc) contains integer overflows in the enlarge_userbuf() and
> _IO_wstr_overflow() functions in libio/wstrops.c. These issues are triggered as
> user-supplied input is not properly validated. This may allow a context-dependent
> attacker to cause a heap-based buffer overflow, resulting in a denial of service
> or potentially allowing the execution of arbitrary code.
> Versions <= 2.22 are affected.
>
> References:
> https://bugs.gentoo.org/show_bug.cgi?id=541246
> https://bugzilla.redhat.com/show_bug.cgi?id=1195762
> https://sourceware.org/bugzilla/show_bug.cgi?id=17269
> http://seclists.org/oss-sec/2015/q1/646
>
> Patch:
>
> https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
>
This has been reported in bug#779587 and is pending a fix. Merging the bugs.

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurel...@aurel32.net                 http://www.aurel32.net
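The bug class the report names, as an added illustration that is not glibc's code and not part of this bug thread: a wide-character buffer's size is computed in size_t, the product (or the doubling that precedes it) wraps around, and the allocation that follows is far smaller than the data later written into it. The function names, the doubling growth policy and the 16-character initial capacity are assumptions chosen for the example; the checked variants show the two separate tests a fix needs, since a count that doubles without wrapping can still overflow once multiplied by sizeof(wchar_t).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Added example, not glibc code. Unchecked conversion of a character
   count to a byte count: unsigned multiplication wraps modulo
   SIZE_MAX + 1, so a huge count silently becomes a tiny malloc size. */
size_t unchecked_wbytes(size_t nchars)
{
    return nchars * sizeof(wchar_t);
}

/* Checked conversion: returns the byte count, or 0 when the product
   would not fit in size_t (0 is never a valid buffer size here, so
   callers treat it as failure). */
size_t checked_wbytes(size_t nchars)
{
    if (nchars == 0 || nchars > SIZE_MAX / sizeof(wchar_t))
        return 0;
    return nchars * sizeof(wchar_t);
}

/* Doubling growth policy (an assumption for illustration): new capacity
   in characters is 2 * old, or 16 for an empty buffer. Returns 0 when the
   doubling itself would wrap, or when the resulting byte count would not
   fit. Both checks are needed: a count that doubles without wrapping can
   still overflow once multiplied by sizeof(wchar_t). */
size_t grown_capacity(size_t old_chars)
{
    if (old_chars == 0)
        return 16;
    if (old_chars > SIZE_MAX / 2)
        return 0;
    size_t new_chars = old_chars * 2;
    if (checked_wbytes(new_chars) == 0)
        return 0;
    return new_chars;
}

/* Grow a heap buffer with the checked policy. Returns NULL on overflow
   or allocation failure and leaves *cap and the old buffer untouched. */
wchar_t *grow_wbuf(wchar_t *buf, size_t *cap)
{
    size_t new_cap = grown_capacity(*cap);
    if (new_cap == 0)
        return NULL;
    wchar_t *p = realloc(buf, checked_wbytes(new_cap));
    if (p == NULL)
        return NULL;
    *cap = new_cap;
    return p;
}

int main(void)
{
    /* Smallest character count whose byte size wraps. */
    size_t huge = SIZE_MAX / sizeof(wchar_t) + 1;
    printf("unchecked: %zu chars -> %zu bytes (wrapped)\n",
           huge, unchecked_wbytes(huge));
    printf("checked:   %zu chars -> %zu (rejected)\n",
           huge, checked_wbytes(huge));

    size_t cap = 0;
    wchar_t *buf = NULL;
    for (int i = 0; i < 3; i++) {
        wchar_t *p = grow_wbuf(buf, &cap);
        if (p == NULL) {
            free(buf);
            return 1;
        }
        buf = p;
        printf("grown to %zu chars (%zu bytes)\n", cap, checked_wbytes(cap));
    }
    free(buf);

    /* A capacity that doubles fine but overflows on the byte conversion. */
    size_t tricky = SIZE_MAX / sizeof(wchar_t);
    printf("grow from %zu chars: %s\n", tricky,
           grown_capacity(tricky) == 0 ? "rejected" : "accepted");
    return 0;
}
```

The unchecked path is what turns a size computation into a heap overflow: the caller believes it owns a buffer of `nchars` wide characters and copies that many, but the allocation behind it is only the wrapped byte count.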