On Wednesday, October 13, 2010 18:38:14 Bruno Haible wrote:
> Mike Frysinger wrote:
> > i haven't seen any mention on glibc or gnulib lists of CVE-2010-2632. the
> > report claims glibc is affected, and since the gnulib/glibc
> > implementations are pretty similar, gnulib would be as well. i don't
> > suppose there is a bug report somewhere i could follow for status on
> > this ?
> >
> > http://securityreason.com/exploitalert/9223
>
> But why should this be a bug in libc?

the original report discussed GLOB_LIMIT not functioning correctly which would
make it a bug in libc:
http://securityreason.com/achievement_securityalert/89

but i see now that this is a BSD-specific enhancement and not available in
gnulib/glibc. so nm my noise.

> Just my 0.02 €. Feel free to open a bug in glibc bugzilla if you want to
> hear Ulrich Drepper's opinion.

i'm sure i can find more useful things to do. like punching rusty nails.
-mike