Bug#777197: glibc: CVE-2015-1472

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#777197: glibc: CVE-2015-1472
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Fri, 06 Feb 2015 08:43:37 +0100
Message-id: <[🔎] 20150206074337.23179.79764.reportbug@m25s06.vlinux.de>
Reply-to: Moritz Muehlenhoff <jmm@inutil.org>, 777197@bugs.debian.org

Package: glibc
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://sourceware.org/bugzilla/show_bug.cgi?id=16618
The patch is here: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
(2.15). Since the patch was backported into wheezy, it is also
affected (while squeeze is not).

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Bug#777197: glibc: CVE-2015-1472
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#777197: glibc: CVE-2015-1472
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#777197: marked as done (glibc: CVE-2015-1472 CVE-2015-1473)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#777197: marked as done (glibc: CVE-2015-1472 CVE-2015-1473)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#776994: Random DNS lookup failure when mixing IPV6 and IPV4 resolver and using rotate option on /etc/resolv.conf
Next by Date: Bug#777197: glibc: CVE-2015-1472
Previous by thread: Bug#776994: Random DNS lookup failure when mixing IPV6 and IPV4 resolver and using rotate option on /etc/resolv.conf
Next by thread: Bug#777197: glibc: CVE-2015-1472
Index(es):
- Date
- Thread