Source: glibc Version: 2.19-22 Severity: serious Tags: security fixed-upstream Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=16009
Hello, libc6 is vulnerable to buffer overruns in strxfrm() as reported in the following upstream ticket: https://sourceware.org/bugzilla/show_bug.cgi?id=16009 The issue is fixed in glibc 2.21. No CVE has been assigned yet even though it had been requested in http://openwall.com/lists/oss-security/2015/09/08/2 The upstream patch is available here: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f9e585480ed Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/
