
Re: eglibc update for GHOST CVE-2015-0235



On Wed, 2015-01-28 at 13:39 +1300, Andrew Bartlett wrote:
> On Tue, 2015-01-27 at 23:47 +0100, Nicolas Chipaux wrote:
> > Hello folks,
> > 
> > For our internal use at Gandi.net, we created a source package for eglibc 
> > with the fix for the CVE 2015-0235 taken from the eglibc package from 
> > Debian wheezy 2.13-38+deb7u7 : any/cvs-gethostbyname.diff. In order to 
> > release quickly, we disabled the test in this patch during the build.
> > 
> > You can find the three files of the source package at this URL : 
> >     http://as29169.net/debian/
> 
> I'm also looking at this; the thing I'm stuck on is creating a test that
> verifies the patch was correctly included.  That is, the test in the
> patch isn't enough to show the issue in the old code.

There's a test in the disclosure here (section 4):

http://www.openwall.com/lists/oss-security/2015/01/27/9

Ben.

-- 
Ben Hutchings
Teamwork is essential - it allows you to blame someone else.
