
Bug#456240: libc6 2.7-3 vfscanf() illegal free()



Package: libc6
Version: 2.7-4

libc6 as found in testing and in unstable (versions 2.7-3 and 2.7-4
respectively) has a bug in the vfscanf() implementation, found in the file
glibc-2.7/stdio-common/vfscanf.c. The bug causes a pointer originally
procured from alloca() to be passed to free(), resulting in a predictable
kaboom.

The GNU libc development team has since fixed this bug, according to the CVS
browser view at [1]; note revision 1.128 in particular.

This issue turned up while trying to use genext2fs after a libc6 upgrade
from testing. The genext2fs package has an apparently related FTBFS bug
logged on it right now.

I would characterize this bug as critical: it causes previously working
programs to crash through no fault of their own, and might be speculated to
affect any program that took the easy route with configuration parsing by
feeding input lines to sscanf(), much as genext2fs does.


[1] http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/stdio-common/vfscanf.c?cvsroot=glibc


-- 
Kalle A. Sandström                                        ksandstr@iki.fi
746B 4B14:              BFB5 6D3B 0758 CFBE 11F9  DF41 4C28 67FB 746B 4B14
void *truth = &truth;                              http://iki.fi/ksandstr/
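The bug class the report describes, a buffer that starts out in alloca()'d stack storage, is grown into the heap on long input, and is then released with free() regardless of which storage it currently points at, is easy to get wrong in any scanner that mimics "%s" conversions. The following constructed C example is added here for illustration; it is neither glibc's vfscanf.c nor the reporter's code, and the names (wbuf, scan_word, STACK_CAP) and the sample input line are assumptions of this example. It shows the ownership tracking that keeps the release step correct on both the stack and heap paths:

```c
#include <alloca.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed example, not glibc's vfscanf.c: a "%s"-style word reader that
 * begins in a small alloca()'d block and moves to the heap when the word
 * outgrows it. The defect class in the bug report is calling free() while
 * the buffer pointer still refers to the alloca()'d block. */

#define STACK_CAP 8   /* small on purpose so the growth path is exercised */

struct wbuf {
    char  *data;
    size_t cap;
    size_t len;
    int    on_heap;   /* 0 while data is the alloca()'d block */
};

/* Append one byte plus terminator, growing when needed. Returns -1 on OOM. */
static int wbuf_add(struct wbuf *b, char c)
{
    if (b->len + 2 > b->cap) {
        size_t ncap = b->cap * 2;
        char *n;
        if (b->on_heap) {
            n = realloc(b->data, ncap);
        } else {
            /* First growth: copy out of the stack block. The stack block
             * must never be handed to realloc() or free(). */
            n = malloc(ncap);
            if (n != NULL)
                memcpy(n, b->data, b->len);
        }
        if (n == NULL)
            return -1;
        b->data = n;
        b->cap = ncap;
        b->on_heap = 1;
    }
    b->data[b->len++] = c;
    b->data[b->len] = '\0';
    return 0;
}

/* Release only what malloc() gave us; this is the check the bug lacked. */
static void wbuf_release(struct wbuf *b)
{
    if (b->on_heap)
        free(b->data);
    b->data = NULL;
    b->on_heap = 0;
}

static int is_space(char c) { return c == ' ' || c == '\t' || c == '\n'; }

/* Read the first whitespace-delimited word of s into a fresh malloc()'d
 * string (caller frees). *grew reports whether the heap path was taken. */
static char *scan_word_impl(const char *s, int *grew)
{
    struct wbuf b;
    char *out;

    b.data = alloca(STACK_CAP);   /* lives until this function returns */
    b.cap = STACK_CAP;
    b.len = 0;
    b.on_heap = 0;
    b.data[0] = '\0';

    while (is_space(*s))
        s++;
    for (; *s != '\0' && !is_space(*s); s++) {
        if (wbuf_add(&b, *s) < 0) {
            wbuf_release(&b);
            return NULL;
        }
    }
    *grew = b.on_heap;
    out = malloc(b.len + 1);
    if (out != NULL)
        memcpy(out, b.data, b.len + 1);
    wbuf_release(&b);   /* safe on both paths because on_heap is tracked */
    return out;
}

char *scan_word(const char *s)
{
    int grew;
    return scan_word_impl(s, &grew);
}

/* Checks for a harness: scan, compare, free. */
int scan_word_equals(const char *s, const char *expect)
{
    char *w = scan_word(s);
    int ok = (w != NULL && strcmp(w, expect) == 0);
    free(w);
    return ok;
}

/* 1 if the word outgrew the stack block, 0 if not, -1 on failure. */
int scan_word_used_heap(const char *s)
{
    int grew = 0;
    char *w = scan_word_impl(s, &grew);
    int ok = (w != NULL);
    free(w);
    return ok ? grew : -1;
}

int main(void)
{
    /* Constructed line resembling a config entry fed to sscanf(). */
    const char *line = "drwxr-xr-x /usr/share/doc/some-long-name 0 0";
    char *w = scan_word(line);
    printf("first word: %s (heap path: %d)\n", w, scan_word_used_heap(line));
    free(w);
    return 0;
}
```

The key design point is that the buffer carries an explicit ownership flag (on_heap) that is set exactly once, at the moment the data leaves the alloca()'d block, and is consulted by the single release routine. Running the program under a malloc debugger or with a word shorter than STACK_CAP and one longer than it exercises both paths; if the on_heap test in wbuf_release were dropped, the short-word case would pass a stack pointer to free(), which is the crash the report describes.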
