[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: glibc: Fix CVE-2014-5519

From: Ludovic Courtès
Subject: Re: [PATCH] gnu: glibc: Fix CVE-2014-5519
Date: Wed, 27 Aug 2014 11:22:14 +0200
User-agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux)

address@hidden skribis:

> I'll push this patch to core-updates as soon as I've tested it.
> I'm not sure what we should do on 'master'.  Thoughts?

Since it permits root privilege escalation, and there’s a documented
example on how to do it, the general rule IMO should be that we should
apply it.

However, Hydra is currently in a bad state, esp. disk-space-wise, so I’m
afraid this would prevent us from deploying the fix efficiently.  :-/

So I’m inclined to just leave it on core-updates for now.  WDYT?

That said, perhaps now is a good time to write down rules on how to
handle CVEs.  Would you like to have a stab at it?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]