FS#41166 : [glibc] CVE-2014-0475: glibc directory traversal in LC

FS#41166 - [glibc] CVE-2014-0475: glibc directory traversal in LC_* locale handling

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Friday, 11 July 2014, 14:29 GMT
Last edited by Allan McRae (Allan) - Wednesday, 10 September 2014, 00:31 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Allan McRae (Allan)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Daniel Micay (thestinger) (2014-07-11)
Private	No

Details

http://www.openwall.com/lists/oss-security/2014/07/10/7

It would probably best to backport the 3 commits listed there, even though the switch away from alloca isn't technically required.

This task depends upon

Closed by Allan McRae (Allan)
Wednesday, 10 September 2014, 00:31 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.20 in [testing]

Comment by Allan McRae (Allan) - Saturday, 12 July 2014, 01:22 GMT

It is on my backport branch which should turn into glibc-2.19.1 (if such a release ever gets made...)

https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/allan/2.19/backport

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#41166 - [glibc] CVE-2014-0475: glibc directory traversal in LC_* locale handling

Details

Loading...