Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#43747 - [glibc][CVE-2015-1472] heap buffer overflow in glibc swscanf
Attached to Project:
Arch Linux
Opened by Christian Rebischke (Shibumi) - Monday, 09 February 2015, 01:48 GMT
Last edited by Allan McRae (Allan) - Monday, 09 February 2015, 03:55 GMT
Details

Summary
=======
There is a heap buffer overflow in the actual glibc version 2.20-6 due to a 1 year old bug in glibc. It's unsure if the bug is exploitable or not but the next version 2.21 solves the issue.

References
==========
https://marc.info/?l=oss-security&m=142301982723839&w=2
CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
Changelog of glibc 2.21

greetings and thx for your great work with glibc

Chris
Closed by Allan McRae (Allan)
Monday, 09 February 2015, 03:55 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.21-1
The fix for CVE-2015-1472 also fixes CVE-2015-1473.