Bug#973914: glibc: CVE-2020-27618

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#973914: glibc: CVE-2020-27618
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 07 Nov 2020 13:03:07 +0100
Message-id: <[🔎] 160475058729.440263.13456451060436862928.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 973914@bugs.debian.org

Source: glibc
Version: 2.31-4
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.28-10

Hi,

The following vulnerability was published for glibc.

CVE-2020-27618[0]:
| iconv when processing invalid multi-byte input sequences fails to
| advance the input state, which could result in an infinite loop

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-27618
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27618
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=26224

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: glibc: CVE-2020-27618
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Processed: glibc: CVE-2020-27618
Next by Date: [Git][glibc-team/glibc][sid] hurd-i386/git-posix_openpt.diff: Note that patch is commited upstream
Previous by thread: Get theredblacktree.wordpress.com On Top Google Search
Next by thread: Processed: glibc: CVE-2020-27618
Index(es):
- Date
- Thread