Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path

To: control@bugs.debian.org, 600667@bugs.debian.org
Subject: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Tue, 1 Feb 2011 21:19:53 -0500
Message-id: <20110201211953.751c3040.michael.s.gilbert@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 600667@bugs.debian.org

reopen 600667
thanks

Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
It looks like CVE-2010-3847 [1] is still unfixed.  The original fix in
-7 may have been correct to begin with?

Best wishes,
Mike

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html

Reply to:

Follow-Ups:
- Processed: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Julien Cristau <jcristau@debian.org>
- Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Processed: your mail
Next by Date: Processed: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Previous by thread: Processed: your mail
Next by thread: Processed: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Index(es):
- Date
- Thread