[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#28933] [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.

From: Marius Bakke
Subject: [bug#28933] [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.
Date: Sun, 22 Oct 2017 20:36:06 +0200
User-agent: Notmuch/0.25.1 ( Emacs/25.3.1 (x86_64-pc-linux-gnu)

Leo Famulari <address@hidden> writes:

> On Sat, Oct 21, 2017 at 11:17:32PM +0200, Marius Bakke wrote:
>> * gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file.
>> * gnu/ (dist_patch_DATA): Register it.
>> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
>> (glibc/fixed): New variable.
> Thanks!
> Do you think we need to do anything special with the glibc packages
> besides glibc/linux, such as glibc/hurd, glibc-2.24, etc?

It probably should be picked to the earlier glibcs as well, IIRC the
affected code was from 1997.  I'll try this and amend the patch.

Not sure about glibc/hurd, but I notice it does not have the other
security patches that 'glibc-2.23' has.  Picking those should be left to
someone able to easily test it IMO.

Side-note: I was really surprised that grafting glibc had become *this
easy*, but it seems to work in my testing.  I'll push this after
patching the older glibc variants unless there are further comments.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]