Tags Tags

Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path

February 01st, 2011 - 09:30 pm ET by Michael Gilbert | Report spam
Help Create a new topic
reopen 600667
thanks

Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
It looks like CVE-2010-3847 [1] is still unfixed. The original fix in
-7 may have been correct to begin with?

Best wishes,
Mike

[0] http://cve.mitre.org/cgi-bin/cvenam...-2010-3856
http://sourceware.org/ml/libc-hacke...00010.html
[1] http://cve.mitre.org/cgi-bin/cvenam...-2010-3847
http://sourceware.org/ml/libc-hacke...00007.html



To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
email Follow the discussionReplies 3 repliesReplies Make a reply

Replies

#1 owner
February 01st, 2011 - 09:30 pm ET | Report spam
Processing commands for :

reopen 600667


Bug #600667 {Done: "Florian Weimer,,," } [eglibc] eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
thanks


Stopping processing here.

Please contact me if you need assistance.
600667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug`0667
Debian Bug Tracking System
Contact with problems


To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Similar topics

Make your own search :