[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#29490: [PATCH] Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-1567
bug#29490: [PATCH] Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671."
Tue, 02 Jan 2018 17:06:27 +0100
Notmuch/0.25.3 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu)
Marius Bakke <address@hidden> writes:
> Ludovic Courtès <address@hidden> writes:
>> Marius Bakke <address@hidden> skribis:
>>> These issues has been classified as minor by Debian:
>>> ...and is not worth the cost of grafting and maintaining this patch.
>> I don’t see Debian’s classification as “minor”, but I see NVD severity
>> “high” and “medium” (I personally fail to imagine concrete remote
>> exploitation scenarios, but I largely lack the mental muscles for this.)
> At the bottom of the page is the status for the stable releases, which
> didn't get a DSA due to being a minor issue.
> The recent update of glibc on core-updates included a fix for a similar
> I suppose we can graft that too, but would prefer to just drop them. We
> get the fixes when we merge core-updates in a few weeks anyway.
I pushed this to core-updates, since I'd rather not re-graft everything
on 'master'. The 2.26 package on core-updates have these fixes anyway.
This particular patch author will do a lot more research on future glibc
Description: PGP signature
- bug#29490: [PATCH] Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.",
Marius Bakke <=