GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)

Previous Next

Package: guix;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Mon, 19 Jun 2017 22:27:01 UTC

Severity: serious

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: ludo <at> gnu.org (Ludovic Courtès)
To: Mark H Weaver <mhw <at> netris.org>
Cc: 27429 <at> debbugs.gnu.org, Efraim Flashner <efraim <at> flashner.co.il>, Leo Famulari <leo <at> famulari.name>
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Thu, 29 Jun 2017 22:06:08 +0200

Mark H Weaver <mhw <at> netris.org> skribis:

> ludo <at> gnu.org (Ludovic Courtès) writes:
>
>> As discussed yesterday on IRC, here’s a patch that applies the glibc
>> patches for CVE-2017-1000366 in ‘core-updates’.
>>
>> That’s a rebuild-the-world change but we still have work to do in
>> ‘core-updates’ anyway, notably regarding the Perl dot-in-@INC issue.
>>
>> OK for you?
>
> Sounds good to me, but I've already merged 'master' into 'core-updates'
> with this as a graft, so what's remains is to ungraft it there.

Indeed.  I rebased and adjusted the patch and pushed as
503a4df904b8d4b82caebdb17db9c5f76a952418.

Leo, let me know when you feel that we should start a new evaluation.

Thank you,
Ludo’.

This bug report was last modified 7 years and 309 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27429 Stack clash (CVE-2017-1000366 etc)

GNU bug report logs - #27429
Stack clash (CVE-2017-1000366 etc)