guix-devel

Re: [PATCH] gnu: glibc: Fix CVE-2014-5519


From: Ludovic Courtès
Subject: Re: [PATCH] gnu: glibc: Fix CVE-2014-5519
Date: Wed, 27 Aug 2014 11:22:14 +0200
User-agent: Gnus/5.130011 (Ma Gnus v0.11) Emacs/24.3 (gnu/linux)

address@hidden wrote:

> I'll push this patch to core-updates as soon as I've tested it.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=17187
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
> http://googleprojectzero.blogspot.co.nz/2014/08/the-poisoned-nul-byte-2014-edition.html
>
> I'm not sure what we should do on 'master'.  Thoughts?

Since it permits root privilege escalation, and there’s a documented
example on how to do it, the general rule IMO should be that we should
apply it.

However, Hydra is currently in a bad state, esp. disk-space-wise, so I’m
afraid this would prevent us from deploying the fix efficiently.  :-/

So I’m inclined to just leave it on core-updates for now.  WDYT?

That said, perhaps now is a good time to write down rules on how to
handle CVEs.  Would you like to have a stab at it?

Thanks,
Ludo’.


