GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)


Package: guix

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.


From: Mark H Weaver <mhw <at> netris.org>
To: ludo <at> gnu.org (Ludovic Courtès)
Cc: 27429 <at> debbugs.gnu.org, Efraim Flashner <efraim <at> flashner.co.il>, Leo Famulari <leo <at> famulari.name>
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 29 Jun 2017 11:49:41 -0400

ludo <at> gnu.org (Ludovic Courtès) writes:

> As discussed yesterday on IRC, here’s a patch that applies the glibc
> patches for CVE-2017-1000366 in ‘core-updates’.
>
> That’s a rebuild-the-world change but we still have work to do in
> ‘core-updates’ anyway, notably regarding the Perl dot-in-@INC issue.
>
> OK for you?

Sounds good to me, but I've already merged 'master' into 'core-updates'
with this as a graft, so what remains is to ungraft it there.

Also note that when I merged it, I forgot to add
"glibc-memchr-overflow-i686.patch" to the older variants of 'glibc'.
Unfortunately, this was a case where git merge automatically did the
wrong thing, without any conflict.  I was going to fix this soon by
eliminating the redundant lists of patches, but now I won't have to.

     Thanks,
       Mark




This bug report was last modified 7 years and 309 days ago.
