Bug#969926: glibc: Parsing of /etc/gshadow can return bad pointers causing segfaults in applications
control: forcemerge 967938 969926
Hi,
On 2020-09-09 02:58, Bernd Zeimetz wrote:
> Source: glibc
> Version: 2.28-10
> Severity: serious
> Tags: security upstream patch
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
>
> Hi,
>
> we are running into the bug
> https://sourceware.org/bugzilla/show_bug.cgi?id=20338
> causing systemd-sysusers to segfault.
>
> Patch is available in the linked bug report.
This has already been reported, Florian will work on a backport, as it
is not straightforward to backport it to buster due to the usage of
private symbols.
> As it was flagged security in the upstream bugtracker, I'm doing the
> same here.
The bug is actually tagged as security- in the upstream bug tracker,
which means it has been reviewed from the security point of view, and
hasn't been considered as a security issue.
Regards,
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Reply to: