Package: glibc Severity: important Tags: security Hi, these three new security issues are unfixed in jessie/sid:
1. Unexpected closing of nss_files databases after lookups causes denial of service (CVE-2014-8121): Patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8121 (fix not yet merged upstream) 2. potential application crash due to overread in fnmatch (no CVE yet, CVE request at http://www.openwall.com/lists/oss-security/2015/02/26/5) https://sourceware.org/bugzilla/show_bug.cgi?id=18032 Patch: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185 3. _IO_wstr_overflow integer overflow (no CVE yet, CVE request at http://www.openwall.com/lists/oss-security/2015/02/22/15) https://sourceware.org/bugzilla/show_bug.cgi?id=17269 Patch: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33 Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
