GNU bug report logs - #70581
PHP, glibc, and CVE-2024-2961

Previous Next

Package: guix;

Reported by: "McSinyx" <cnx <at> loang.net>

Date: Fri, 26 Apr 2024 06:46:07 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#70581: closed (PHP, glibc, and CVE-2024-2961)
Date: Wed, 18 Dec 2024 07:33:01 +0000

[Message part 1 (text/plain, inline)]

Your message dated Wed, 18 Dec 2024 16:31:37 +0900
with message-id <87a5ctphuu.fsf_-_ <at> gmail.com>
and subject line Re: bug#70581: PHP, glibc, and CVE-2024-2961
has caused the debbugs.gnu.org bug report #70581,
regarding PHP, glibc, and CVE-2024-2961
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
70581: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=70581
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: "McSinyx" <cnx <at> loang.net>
To: <bug-guix <at> gnu.org>
Subject: PHP, glibc, and CVE-2024-2961
Date: Fri, 26 Apr 2024 15:44:50 +0900

Hello Guix,

Last week, an overflow bug in glibc's iconv(3) was discovered:
https://www.openwall.com/lists/oss-security/2024/04/17/9

It may enable remove code execution through PHP.  Due to
the immutable nature of Guix, is it possible to hotpatch
this using graft, or do we need to rebuild to world?
https://rockylinux.org/news/glibc-vulnerability-april-2024/

Kind regards,
McSinyx

[Message part 3 (message/rfc822, inline)]

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 70581-done <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>, guix-security <at> gnu.org,
 Liliana Marie Prikler <liliana.prikler <at> ist.tugraz.at>,
 Andreas Enge <andreas <at> enge.fr>, McSinyx <cnx <at> loang.net>,
 Janneke Nieuwenhuizen <janneke <at> gnu.org>
Subject: Re: bug#70581: PHP, glibc, and CVE-2024-2961
Date: Wed, 18 Dec 2024 16:31:37 +0900

Hi

Maxim Cournoyer <maxim.cournoyer <at> gmail.com> writes:

> * gnu/packages/base.scm (%glibc-patches): New variable.
> (glibc) [source]: Use it.
> [properties]: Mark CVE-2024-2961 as hidden (resolved).
> [replacement]: Add field to graft with...
> (glibc/fixed): ... this new package.
>
> Fixes: <https://issues.guix.gnu.org/70581>
> Change-Id: I6dd70b0e157283925824348f180c466c2f6387c9

Applied.

-- 
Thanks,
Maxim

This bug report was last modified 213 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #70581 PHP, glibc, and CVE-2024-2961

GNU bug report logs - #70581
PHP, glibc, and CVE-2024-2961