[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#656108: CVE-2009-5029: Integer overflow in tzfile processing

forcemerge 650790 656108

On Mon, Jan 16, 2012 at 05:02:45PM +0100, Moritz Muehlenhoff wrote:
> Package: eglibc
> Severity: important
> Tags: security
> This was only recently assigned a CVE ID, but since the initial
> discussion was from 2009, this is a CVE-2009-* ID.
> There's an integer overflow in tzfile processing, please see
> the Red Hat bugzilla for more descriptions and links to
> the glibc upstream patches:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-5029
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8fa26d571d4b87a1c7a7f19f1365f7e5d2995933

This bug has already been fixed in eglibc 2.13-24 for testing and 
unstable, and is already committed to the stable SVN branch (so for the
6.0.5) release. I have added the CVE number to the changelog for future

Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Reply to: