Re: [SECURITY] [DSA 3481-1] glibc security update

To: Jan Lühr <jan@jluehr.de>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3481-1] glibc security update
From: Lupe Christoph <lupe@lupe-christoph.de>
Date: Wed, 17 Feb 2016 12:09:40 +0100
Message-id: <[🔎] 20160217110940.GA18792@lupe-christoph.de>
Mail-followup-to: Jan Lühr <jan@jluehr.de>, debian-security@lists.debian.org
In-reply-to: <[🔎] 56C44429.3070303@jluehr.de>
References: <E1aVgSR-0003M5-RI@master.debian.org> <[🔎] 56C44429.3070303@jluehr.de>

On Wednesday, 2016-02-17 at 10:58:01 +0100, Jan Lühr wrote:

> Am 02/16/2016 um 03:18 PM schrieb Salvatore Bonaccorso:

> > CVE-2015-7547
> >     The Google Security Team and Red Hat discovered that the glibc

> Comparing the age (2015-07) and the severity: Can you give some details
> on the situation? Why was the bug fixed so late?

Read this:
https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
and this:
https://sourceware.org/bugzilla/show_bug.cgi?id=18665

> Which parties influenced the release date?

The submitter of the Bugzilla ticket who did not provide example code.
Gap between 2015-08-22 14:59:40 UTC and 2016-02-16 14:11:42 UTC.

HTH,
Lupe Christoph
-- 
| As everyone knows, it was predicted that the world would end last       |
| Wednesday at 10:00 PST.  Since there appears to be a world in existence |
| now, the entire universe must therefore have been recreated, complete   |
| with an apparent "history", last *Thursday*.  QED.                      |
| Seanna Watson, <1992Nov2.165142.11847@bcrka451.bnr.ca>                  |

Reply to:

References:
- Re: [SECURITY] [DSA 3481-1] glibc security update
  - From: Jan Lühr <jan@jluehr.de>

Prev by Date: Re: [SECURITY] [DSA 3481-1] glibc security update
Next by Date: Re: [SECURITY] [DSA 3481-1] glibc security update
Previous by thread: Re: [SECURITY] [DSA 3481-1] glibc security update
Next by thread: Re: [SECURITY] [DSA 3481-1] glibc security update
Index(es):
- Date
- Thread