Source: glibc Version: 2.42-10 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for glibc. CVE-2025-15281[0]: | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in | the GNU C Library version 2.0 to version 2.42 may cause the | interface to return uninitialized memory in the we_wordv member, | which on subsequent calls to wordfree may abort the process. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-15281 https://www.cve.org/CVERecord?id=CVE-2025-15281 [1] https://www.openwall.com/lists/oss-security/2026/01/20/3 [2] https://sourceware.org/git/?p=glibc.git;a=commit;h=80cc58ea2de214f85b0a1d902a3b668ad2ecb302 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
