[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2010-3847 fixed or not?

Ok, I had a look at the issue, and a far as I can see
debian/patches/any/cvs-ignore-origin-privileged.diff (which is applied)
does fix the problems.

I can not claim to have understood the topic in its entirety, though and I
am by no means an expert in *libc. As such I do not understand the
patches/any/cvs-dont-expand-dst-twice.diff and
debian/patches/any/cvs-audit-suid.diff, though they seem to address the
problems described in CVE-2010-3856.

So, somebody else might still have a look at that.


[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)

Attachment: signature.asc
Description: Digital signature

Reply to: