package: src:glibc
version: 2.19-13
severity: important
control: block 767048 by -1
Hi, I was working on building wine for kfreebsd-amd64 and found that
glibc's x86_64 mcontext.h is not in sync with the upstream code that
it is derived from (kfreebsd's amd64 ucontext.h).
One example is that
package: src:eglibc
severity: important
version: 2.11.3-4
A stack overflow issue was reported in eglibc:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357
Best wishes,
Mike
--
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
reassign 649146 eglibc
forcemerge 650234 649146
thanks
Hi,
I am reassigning these bugs. See the 650234 bug log for tinkering
done so far by Daniel Kahn Gillmor.
Best wishes,
Mike
--
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble?
Arne Wichmann wrote:
Hi,
I see that CVE-2011-1071 (#615120) is done in testing - shouldn't it be
fixed in stable, too?
Yes, Debian security is done by volunteers with limited time, so the
best way to get things fixed is to volunteer to do the work yourself
(especially in cases like this
On Sat, 26 Feb 2011 11:29:06 +0100 Aurelien Jarno wrote:
On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote:
package: eglibc
version: 2.11.2-10
severity: grave
tag: security
A memory corruption issue has been disclosed for eglibc [0]. I've
checked, and lenny (glibc
package: eglibc
version: 2.11.2-10
severity: grave
tag: security
A memory corruption issue has been disclosed for eglibc [0]. I've
checked, and lenny (glibc), squeeze, and sid are affected by the poc.
experimental is not. According to the report, this permits arbitrary
code execution.
[0]
Note that a new CVE id (CVE-2011-0536) has been assigned for a
vulnerability introduced by the patches for cve-2010-3847 [0]. It
sounds like this affects the recent DSAs. Please take a look at the
code and figure out what needs to be done to resolve these three
issues: CVE-2010-3847,
reopen 600667
thanks
Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
It looks like CVE-2010-3847 [1] is still unfixed. The original fix in
-7 may have
On Thu, 21 Oct 2010 19:36:04 +0200, Aurelien Jarno wrote:
On Mon, Oct 18, 2010 at 06:58:45PM -0400, Michael Gilbert wrote:
package: eglibc
version: 2.11.2-6
severity: grave
tag: patch
an issue has been disclosed in eglibc. see:
http://seclists.org/fulldisclosure/2010/Oct/257
package: eglibc
version: 2.11.2-6
severity: grave
tag: patch
an issue has been disclosed in eglibc. see:
http://seclists.org/fulldisclosure/2010/Oct/257
patch available:
http://sourceware.org/ml/libc-hacker/2010-10/msg7.html
best wishes,
mike
--
To UNSUBSCRIBE, email to
package: eglibc
severity: important
tags: security
hi, it has been disclosed that glibc 2.11 is vulnerable to a house
of mind attack [0]. i have checked that 2.10 in unstable contains the
vulnerable code.
mike
[0] http://em386.blogspot.com/2010/01/glibc-211-stops-house-of-mind.html
--
To
package: eglibc
version: 2.10.1-2
severity: important
tags: security
it has been disclosed that it is possible to execute arbitrary code via
ldd. this is a pretty obscure attack vector since it requires the user
to run ldd on an untrusted executable. while unlikely (since users
using ldd should
12 matches
Mail list logo
