
Bug#656108: CVE-2009-5029: Integer overflow in tzfile processing



forcemerge 650790 656108
thanks

On Mon, Jan 16, 2012 at 05:02:45PM +0100, Moritz Muehlenhoff wrote:
> Package: eglibc
> Severity: important
> Tags: security
> 
> This was only recently assigned a CVE ID, but since the initial
> discussion was from 2009, this is a CVE-2009-* ID.
> 
> There's an integer overflow in tzfile processing, please see
> the Red Hat bugzilla for more descriptions and links to
> the glibc upstream patches:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-5029
> 
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8fa26d571d4b87a1c7a7f19f1365f7e5d2995933
> 

This bug has already been fixed in eglibc 2.13-24 for testing and
unstable, and is already committed to the stable SVN branch (so for the
6.0.5 release). I have added the CVE number to the changelog for future
reference.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net


