Bug#656108: CVE-2009-5029: Integer overflow in tzfile processing
forcemerge 650790 656108
thanks
On Mon, Jan 16, 2012 at 05:02:45PM +0100, Moritz Muehlenhoff wrote:
> Package: eglibc
> Severity: important
> Tags: security
>
> This was only recently assigned a CVE ID, but since the initial
> discussion was from 2009, this is a CVE-2009-* ID.
>
> There's an integer overflow in tzfile processing, please see
> the Red Hat bugzilla for more descriptions and links to
> the glibc upstream patches:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-5029
>
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8fa26d571d4b87a1c7a7f19f1365f7e5d2995933
>
This bug has already been fixed in eglibc 2.13-24 for testing and
unstable, and is already committed to the stable SVN branch (so for the
6.0.5) release. I have added the CVE number to the changelog for future
reference.
--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurelien@aurel32.net http://www.aurel32.net
Reply to: