Re: CVE-2018-20796 (glibc) - verifying status?

To: wlfgang@westridgesystems.com
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2018-20796 (glibc) - verifying status?
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 9 Jan 2026 07:51:09 +0100
Message-id: <[🔎] aWClXU5pGT-CU7MI@eldamar.lan>
Mail-followup-to: wlfgang@westridgesystems.com, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] f375c8f2b5785ec7166cacc6c3e686e4@westridgesystems.com>
References: <[🔎] f375c8f2b5785ec7166cacc6c3e686e4@westridgesystems.com>

Hi

On Tue, Jan 06, 2026 at 04:17:04PM -0500, wlfgang@westridgesystems.com wrote:
> Hello,
> 
> I am new to this group, so please forgive me if I'm asking in the wrong
> place. I am trying to verify that the Status entries (currently 'vulnerable'
> for all versions) are correct for CVE-2018-20796, or if the entries should
> be updated. (https://security-tracker.debian.org/tracker/CVE-2018-20796)
> 
> The NVD description seems to imply that this CVE only affected glibc <=
> 2.29. I'm not sure whether that's accurate.
> 
> Please let me know if there's something I can do to contribute; I'm happy to
> do some legwork if required.

The security-tracker notes give additional background on the CVE.

p.s.: do never trust versions in CVE descriptions as they (may)
reflect only a given state in a certain point in time. It might have
been fixed in the end in some later version, but we treat this CVE as
unimportant as upstream does not consider such issues as security
issues.

Regards,
Salvatore

Reply to:

References:
- CVE-2018-20796 (glibc) - verifying status?
  - From: wlfgang@westridgesystems.com

Prev by Date: External check
Next by Date: External check
Previous by thread: CVE-2018-20796 (glibc) - verifying status?
Next by thread: External check
Index(es):
- Date
- Thread