Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
* Moritz Mühlenhoff:
> Am Wed, Sep 09, 2020 at 12:30:44PM +0200 schrieb Aurelien Jarno:
>> control: forcemerge 967938 969926
>>
>> Hi,
>>
>> On 2020-09-09 02:58, Bernd Zeimetz wrote:
>> > Source: glibc
>> > Version: 2.28-10
>> > Severity: serious
>> > Tags: security upstream patch
>> > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
>> >
>> > Hi,
>> >
>> > we are running into the bug
>> > https://sourceware.org/bugzilla/show_bug.cgi?id=20338
>> > causing systemd-sysusers to segfault.
>> >
>> > Patch is available in the linked bug report.
>>
>> This has already been reported, Florian will work on a backport, as it
>> is not straightforward to backport it to buster due to the usage of
>> private symbols.
>
> Florian, did you manage to backport this to 2.31? It would be nice to get this
> fixed for a Buster point release still.
Do you mean 2.28? DJ Delorie did the backport, and Carlos O'Donell
implemented the GLIBC_PRIVATE ABI compatibility fix. I'll see if I
can get the patches to apply to Debian's 2.28 tree.
Reply to: