Bug#989147: glibc: CVE-2021-33574: mq_notify does not handle separately allocated thread attributes
On 2021-09-08 13:25, Jonas Andradas wrote:
> Hi,
>
> On Sat, 21 Aug 2021 20:14:52 +0200 Aurelien Jarno <aurelien@aurel32.net>
> wrote:
> > Version: 2.32-0experimental0
> >
> > On 2021-05-26 21:57, Salvatore Bonaccorso wrote:
> > > Source: glibc
> > > Version: 2.31-12
> > > Severity: important
> > > Tags: security upstream
> > > Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
> > > X-Debbugs-Cc: carnil@debian.org, Debian Security Team
> <team@security.debian.org>
> > >
> [...snip...]
> >
> > This bug has been fixed in the glibc 2.32-0experimental0 upload to
> > experimental, but wasn't close due to a typo in the changelog. Closing
> > the bug manually.
> >
>
> Is there an estimated timeline for when the experimental, fixed package would
> transition to sid (and possibly testing/bookworm)? Is there an estimate for
The fix is already in sid for a few days. Transition to testing/bookworm
depends on many factors that are out of control of the glibc
maintainers.
> when the fix will be backported to bullseye?
Unfortunately the fixes are not trivial to get backported, as they
depend on new symbols exported through GLIBC_PRIVATE. This is something
in progress, but I have no ETA so far.
Best regards,
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
Reply to: