bug#27429: Stack clash (CVE-2017-1000366 etc)

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27429: Stack clash (CVE-2017-1000366 etc)

From:	Mark H Weaver
Subject:	bug#27429: Stack clash (CVE-2017-1000366 etc)
Date:	Thu, 29 Jun 2017 11:49:41 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

address@hidden (Ludovic Courtès) writes:

> As discussed yesterday on IRC, here’s a patch that applies the glibc
> patches for CVE-2017-1000366 in ‘core-updates’.
>
> That’s a rebuild-the-world change but we still have work to do in
> ‘core-updates’ anyway, notably regarding the Perl address@hidden issue.
>
> OK for you?

Sounds good to me, but I've already merged 'master' into 'core-updates'
with this as a graft, so what's remains is to ungraft it there.

Also note that when I merged it, I forgot to add
"glibc-memchr-overflow-i686.patch" to the older variants of 'glibc'.
Unfortunately, this was a case where git merge automatically did the
wrong thing, without any conflict.  I was going to fix this soon by
eliminating the redundant lists of patches, but now I won't have to.

     Thanks,
       Mark

[Prev in Thread]

Current Thread

[Next in Thread]

bug#27429: Stack clash (CVE-2017-1000366 etc), (continued)

Prev by Date: bug#27467: Xfce broken, because it propagates two different versions of gtk+
Next by Date: bug#27467: Xfce broken, because it propagates two different versions of gtk+
Previous by thread: bug#27429: Stack clash (CVE-2017-1000366 etc)
Next by thread: bug#27429: Stack clash (CVE-2017-1000366 etc)
Index(es):
- Date
- Thread