Maintainer(s), please drop the vulnerable version(s). Added to an existing GLSA Request.
--
https://bugs.launchpad.net/bugs/1048203

Title:
  (CVE-2012-4412) glibc: strcoll() integer overflow leading to buffer overflow

Status in The GNU C Library: Fix Released
Status in eglibc package in Ubuntu: Fix Released
Status in eglibc package in Debian: Fix Released
Status in Fedora: Unknown
Status in Gentoo Linux: Unknown

Bug description:
  An integer overflow, leading to a buffer overflow flaw, was found in the way the implementation of the strcoll() routine, used to compare two strings based on the current locale, of glibc, the GNU libc libraries, performed calculation of memory requirements / allocation, needed for storage of the strings. If an application linked against glibc was missing application-level sanity checks for validity of strcoll() arguments and accepted untrusted input, an attacker could use this flaw to cause the particular application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

  Upstream bug report (including reproducer):
  [1] http://sourceware.org/bugzilla/show_bug.cgi?id=14547
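The bug description ties exposure to applications that hand untrusted input to strcoll() without their own sanity checks. The following is an added example, not code from the bug report or from glibc: `checked_work_size` shows an overflow-checked form of a combined-length size calculation, and `bounded_strcoll` is a length-capped wrapper an application could put in front of strcoll(). The function names, the `per_elem` factor and the `MAX_COLLATE_LEN` limit are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed application policy, not a glibc constant: the longest string
 * this program is willing to pass to strcoll(). */
#define MAX_COLLATE_LEN 4096

/* Overflow-checked (len1 + len2) * per_elem. Illustrates the class of
 * size calculation that can wrap around; it is not glibc's own code.
 * Returns 0 and stores the size in *out, or -1 if it would wrap. */
int checked_work_size(size_t len1, size_t len2, size_t per_elem, size_t *out)
{
    if (len1 > SIZE_MAX - len2)
        return -1;                      /* addition would wrap */
    size_t total = len1 + len2;
    if (per_elem != 0 && total > SIZE_MAX / per_elem)
        return -1;                      /* multiplication would wrap */
    *out = total * per_elem;
    return 0;
}

/* Compare two untrusted strings only if each is NUL-terminated within
 * max_len bytes. Returns 0 and stores strcoll()'s result in *result,
 * or -1 with errno set (EINVAL, ERANGE, or what strcoll() reported). */
int bounded_strcoll(const char *a, const char *b, size_t max_len, int *result)
{
    if (a == NULL || b == NULL || result == NULL || max_len == SIZE_MAX) {
        errno = EINVAL;
        return -1;
    }
    /* memchr() scans at most max_len + 1 bytes looking for the terminator. */
    if (memchr(a, '\0', max_len + 1) == NULL ||
        memchr(b, '\0', max_len + 1) == NULL) {
        errno = ERANGE;                 /* input longer than the policy allows */
        return -1;
    }
    errno = 0;                          /* strcoll() has no error return value */
    int r = strcoll(a, b);
    if (errno != 0)
        return -1;
    *result = r;
    return 0;
}
```

A length cap like this limits what reaches the library but does not replace updating to a fixed glibc/eglibc package.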