forcemerge 650790 656108
thanks

On Mon, Jan 16, 2012 at 05:02:45PM +0100, Moritz Muehlenhoff wrote:
> Package: eglibc
> Severity: important
> Tags: security
>
> This was only recently assigned a CVE ID, but since the initial
> discussion was from 2009, this is a CVE-2009-* ID.
>
> There's an integer overflow in tzfile processing, please see
> the Red Hat bugzilla for more descriptions and links to
> the glibc upstream patches:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-5029
>
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8fa26d571d4b87a1c7a7f19f1365f7e5d2995933
>

This bug has already been fixed in eglibc 2.13-24 for testing and
unstable, and is already committed to the stable SVN branch (so for the
6.0.5 release). I have added the CVE number to the changelog for future
reference.

--
Aurelien Jarno GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net