[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: eglibc update for GHOST CVE-2015-0235

On Tue, 2015-01-27 at 23:47 +0100, Nicolas Chipaux wrote:
> Hello folks,
> For our internal use at Gandi.net, we created a source package for eglibc 
> with the fix for the CVE 2015-0235 taken from the eglibc package from 
> Debian wheezy 2.13-38+deb7u7 : any/cvs-gethostbyname.diff. In order to 
> release quickly, we disabled the test in this patch during the build.
> You can find the three files of the source package at this URL : 
>     http://as29169.net/debian/

I'm also looking at this, the thing I'm stuck on is creating a test that
verified the patch was correctly included.  That is, the test in the
patch isn't enough to show the issue in the old code.  

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: