[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#28933] [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.
|
From: |
Marius Bakke |
|
Subject: |
[bug#28933] [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671. |
|
Date: |
Sun, 22 Oct 2017 20:36:06 +0200 |
|
User-agent: |
Notmuch/0.25.1 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) |
Leo Famulari <address@hidden> writes:
> On Sat, Oct 21, 2017 at 11:17:32PM +0200, Marius Bakke wrote:
>> * gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Register it.
>> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
>> (glibc/fixed): New variable.
>
> Thanks!
>
> Do you think we need to do anything special with the glibc packages
> besides glibc/linux, such as glibc/hurd, glibc-2.24, etc?
It probably should be picked to the earlier glibcs as well, IIRC the
affected code was from 1997. I'll try this and amend the patch.
Not sure about glibc/hurd, but I notice it does not have the other
security patches that 'glibc-2.23' has. Picking those should be left to
someone able to easily test it IMO.
Side-note: I was really surprised that grafting glibc had become *this
easy*, but it seems to work in my testing. I'll push this after
patching the older glibc variants unless there are further comments.
signature.asc
Description: PGP signature