Re: Fwd: Processed: Re: Bug#408929: emacs21: crash on spam

To: Jérôme Marant <jmarant@free.fr>, Romain Francoise <rfrancoise@debian.org>, debian-release@lists.debian.org, Hendrik Tews <H.Tews@cs.ru.nl>, 408929@bugs.debian.org
Subject: Re: Fwd: Processed: Re: Bug#408929: emacs21: crash on spam
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Sun, 4 Feb 2007 23:03:44 +0100
Message-id: <[🔎] 20070204220344.GA3342@galadriel.inutil.org>
In-reply-to: <[🔎] 20070204213641.GK15174@mauritius.dodds.net>
References: <17853.55713.442742.946337@tandem.cs.ru.nl> <87ireip1ei.fsf@pacem.orebokech.com> <20070204121537.GJ15174@mauritius.dodds.net> <878xfeoxeo.fsf@pacem.orebokech.com> <[🔎] 200702041356.40694.jmarant@free.fr> <[🔎] 20070204213641.GK15174@mauritius.dodds.net>

Steve Langasek wrote:
> So if there's no evidence of arbitrary code execution, I think it's
> appropriate here to downgrade the bug -- but the security team should also
> be apprised.

glibc 2.3.4 introduced more secure heap management, which renders several
code injection attacks moot. (most notably double frees)
The message that was posted in the bug report appears to trigger such a
sanity check. 
But it might be possible that smarter attacks might circumvent the glibc checks
in the future, so we should err on the safe side and apply Romain's patch.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Bug#408929: Fwd: Processed: Re: Bug#408929: emacs21: crash on spam
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Fwd: Processed: Re: Bug#408929: emacs21: crash on spam
  - From: Jérôme Marant <jmarant@free.fr>
- Re: Fwd: Processed: Re: Bug#408929: emacs21: crash on spam
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: hint of gaming related packages
Next by Date: Re: Please schedule PowerPC binNMU for gtimer 1.1.6-11
Previous by thread: Re: Fwd: Processed: Re: Bug#408929: emacs21: crash on spam
Next by thread: Re: Bug#408929: Fwd: Processed: Re: Bug#408929: emacs21: crash on spam
Index(es):
- Date
- Thread