Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-07-03 Thread mancha
Dear all: You might be interested in a project of mine which humbly began as helping the Slackware Linux team patch their Shadow tools suite to properly handle possible NULL returns from glibc 2.17+ crypt(). It since has evolved into a larger project where I have been working with developers to i

Bug#714219: libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-07-03 Thread mancha
Please see my bug report for CVS documenting this behavior as well as my patch: https://savannah.nongnu.org/bugs/?39040 --mancha

Processed: Re: Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-07-03 Thread Debian Bug Tracking System
Processing control commands: > found -1 2.11.3-1 Bug #704623 {Done: Aurelien Jarno } [eglibc] eglibc: CVE-2013-1914: getaddrinfo() stack overflow There is no source info for the package 'eglibc' at version '2.11.3-1' with architecture '' Unable to make a source version for version '2.11.3-1' Mar

Bug#704623: eglibc: CVE-2013-1914: getaddrinfo() stack overflow

2013-07-03 Thread Raphael Geissert
Control: found -1 2.11.3-1 Hi, The upstream commit referenced above isn't enough for, at least, squeeze's 2.11.3. There's another stack overflow in gaih_inet when calling gethostbyname4_r. 2.17 uses malloc if needed, and git blames the following commit for those changes: http://sourceware.org/gi

Re: Bug#714219: [Debian #714219] libc6: crypt(3) returns NULL with EINVAL instead of falling back to DES, breaking GNU software

2013-07-03 Thread Carlos O'Donell
On Tue, Jul 2, 2013 at 12:52 PM, Alexandre Oliva wrote: > At this point, I'd rather we took the opportunity to fix code that makes > unsafe assumptions about the behavior of crypt than push the problem on > for users to figure out when a glibc upgrade causes passwords to fail to > be recognized be