GNU bug report logs - #28933
[PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.

Previous Next

Package: guix-patches;

Reported by: Marius Bakke <mbakke <at> fastmail.com>

Date: Sat, 21 Oct 2017 21:18:01 UTC

Severity: normal

Tags: patch

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 28933-done <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Leo Famulari <leo <at> famulari.name>
Cc: "Mark H. Weaver" <mhw <at> netris.org>, 28933-done <at> debbugs.gnu.org
Subject: Re: [bug#28933] [PATCH] gnu: glibc: Fix CVE-2017-15670,
 CVE-2017-15671.
Date: Sun, 22 Oct 2017 23:15:29 +0200

[Message part 1 (text/plain, inline)]

Marius Bakke <mbakke <at> fastmail.com> writes:

> Leo Famulari <leo <at> famulari.name> writes:
>
>> On Sat, Oct 21, 2017 at 11:17:32PM +0200, Marius Bakke wrote:
>>> * gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file.
>>> * gnu/local.mk (dist_patch_DATA): Register it.
>>> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
>>> (glibc/fixed): New variable.
>>
>> Thanks!
>>
>> Do you think we need to do anything special with the glibc packages
>> besides glibc/linux, such as glibc/hurd, glibc-2.24, etc?
>
> It probably should be picked to the earlier glibcs as well, IIRC the
> affected code was from 1997.  I'll try this and amend the patch.

Pushed to master as 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 274 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #28933 [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.

GNU bug report logs - #28933
[PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.