Dear all: You might be interested in a project of mine which humbly began as helping the Slackware Linux team patch their Shadow tools suite to properly handle possible NULL returns from glibc 2.17+ crypt().
It since has evolved into a larger project where I have been working with developers to introduce needed checks to prevent possible NULL pointer dereference situations in their programs. My progress is being documented in Slackware's de facto bug & discussion forum (linuxquestions.org). You can view thread here: https://www.linuxquestions.org/questions/slackware-14/%5Bslackware- current%5D-glibc-2-17-shadow-and-other-penumbrae-4175461061/ Additionally, I have placed all patch files along with a signed digest file in a sourceforge project: https://sourceforge.net/projects/miscellaneouspa/files/glibc217/ The Debian security team might be interested in this given the security implications of some of these fixes. Please CC: me in any such correspondence. --mancha PGP Key ID: 0xB5ABF4FFF7048E92 Key fingerprint = 7F1F E9BF 77CF 15AC 8F6B C934 B5AB F4FF F704 8E92 -- To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130703191803.ca04f60...@smtp.hushmail.com
