[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#989147: glibc: CVE-2021-33574: mq_notify does not handle separately allocated thread attributes

On 2021-09-08 13:25, Jonas Andradas wrote:
> Hi, 
> 
> On Sat, 21 Aug 2021 20:14:52 +0200 Aurelien Jarno <aurelien@aurel32.net> 
> wrote:
> > Version: 2.32-0experimental0
> > 
> > On 2021-05-26 21:57, Salvatore Bonaccorso wrote:
> > > Source: glibc
> > > Version: 2.31-12
> > > Severity: important
> > > Tags: security upstream
> > > Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=27896
> > > X-Debbugs-Cc: carnil@debian.org, Debian Security Team 
> <team@security.debian.org>
> > > 
> [...snip...]
> > 
> > This bug has been fixed in the glibc 2.32-0experimental0 upload to
> > experimental, but wasn't close due to a typo in the changelog. Closing
> > the bug manually.
> > 
> 
> Is there an estimated timeline for when the experimental, fixed package would 
> transition to sid (and possibly testing/bookworm)?  Is there an estimate for 

The fix is already in sid for a few days. Transition to testing/bookworm
depends on many factors that are out of control of the glibc
maintainers.

> when the fix will be backported to bullseye? 

Unfortunately the fixes are not trivial to get backported, as they
depend on new symbols exported through GLIBC_PRIVATE. This is something
in progress, but I have no ETA so far.

Best regards,
Aurelien 

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
Reply to: