FS#73528 : glibc: CVEs noted in glibc-2.33

FS#73528 - glibc: CVEs noted in glibc-2.33

Attached to Project: Arch Linux
Opened by Andrew (abrouwers) - Thursday, 27 January 2022, 14:34 GMT
Last edited by freswa (frederik) - Friday, 11 February 2022, 16:13 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Levente Polyak (anthraxx)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	2 Francesco Minnocci (BachoSeven) (2022-02-03) agapito fernandez (agapito) (2022-01-27)
Private	No

Details

Description:

Recently, I noticed that another distro I use patched glibc-2.33 for some recent CVEs reported/fixed upstream. Unfortunately, it seems like the arch glibc package (well, toolchain) is not actively maintained at the moment. Any chance to at least address the open CVEs?

https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.33/master

This task depends upon

Closed by freswa (frederik)
Friday, 11 February 2022, 16:13 GMT
Reason for closing: Fixed
Additional comments about closing: glibc-2.35 in [testing]

Comment by T.J. Townsend (blakkheim) - Sunday, 30 January 2022, 15:15 GMT

Could the security fixes be backported to the current version until someone decides enough is enough with the old toolchain?

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#73528 - glibc: CVEs noted in glibc-2.33

Details

Loading...