On Tue, 2015-01-27 at 23:47 +0100, Nicolas Chipaux wrote: > Hello folks, > > For our internal use at Gandi.net, we created a source package for eglibc > with the fix for the CVE 2015-0235 taken from the eglibc package from > Debian wheezy 2.13-38+deb7u7 : any/cvs-gethostbyname.diff. In order to > release quickly, we disabled the test in this patch during the build. > > You can find the three files of the source package at this URL : > http://as29169.net/debian/ I'm also looking at this, the thing I'm stuck on is creating a test that verified the patch was correctly included. That is, the test in the patch isn't enough to show the issue in the old code. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Attachment:
signature.asc
Description: This is a digitally signed message part