Bug#681473: CVE-2012-3404 CVE-2012-3405 CVE-2012-3406

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#681473: CVE-2012-3404 CVE-2012-3405 CVE-2012-3406
From: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Fri, 13 Jul 2012 15:41:23 +0200
Message-id: <[🔎] 20120713134123.16601.79215.reportbug@vurm.knut.univention.de>
Reply-to: Moritz Muehlenhoff <muehlenhoff@univention.de>, 681473@bugs.debian.org

Package: eglibc
Severity: important
Tags: security

Hi,
please see http://www.openwall.com/lists/oss-security/2012/07/11/17 for details
and references to upstream patches.

The security impact is rather low IMO; if the format strings are under control
of a attacker, this opens a whole can of worms anyway.

Still, it would be nice to get these fixed for Wheezy and for Squeeze in a point
update.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#681473: CVE-2012-3404 CVE-2012-3405 CVE-2012-3406
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#681473: marked as done (CVE-2012-3404 CVE-2012-3405)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#555168: [Traduc] Bug#555168: Unclear license situation for (e)glibc locales provided by you
Next by Date: Bug#555168: Unclear license situation for (e)glibc locales provided by you
Previous by thread: Bug#555168: [Traduc] Bug#555168: Unclear license situation for (e)glibc locales provided by you
Next by thread: Bug#681473: CVE-2012-3404 CVE-2012-3405 CVE-2012-3406
Index(es):
- Date
- Thread