On Thu, 21 Oct 2010 19:36:04 +0200, Aurelien Jarno wrote:
> On Mon, Oct 18, 2010 at 06:58:45PM -0400, Michael Gilbert wrote:
> > package: eglibc
> > version: 2.11.2-6
> > severity: grave
> > tag: patch
> >
> > an issue has been disclosed in eglibc. see:
> > http://seclists.org/fulldisclosure/2010/Oct/257
> >
> > patch available:
> > http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
> >
>
> I have just committed the fix, I am planning to do an upload soon to
> unstable. Do you think we should also fix it in stable? via a security
> release?

the exploitability of this issue is questionable, but i think it should be
fixed in a DSA just to be safe (based on the precautionary principle).

thanks for working on the fix.

mike