Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
On Mon, Oct 18, 2010 at 06:58:45PM -0400, Michael Gilbert wrote:
> package: eglibc
> version: 2.11.2-6
> severity: grave
> tag: patch
>
> an issue has been disclosed in eglibc. see:
> http://seclists.org/fulldisclosure/2010/Oct/257
>
> patch available:
> http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
>
I have just committed the fix, I am planning to do an upload soon to
unstable. Do you think we should also fix it in stable? via a security
release?
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
Reply to: