[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] maint: update to latest gnulib



On Thu, Jan 31, 2013 at 16:34:24 -0700, Eric Blake wrote:
> CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
> that runs a regex search on user input while in a multibyte locale.
> I'm not sure how hard it would be to trigger such a setup for
> libvirtd, but rather than risk things, we can avoid the issue:
> gnulib has worked around the problem, and by updating to the latest
> gnulib, we can avoid the bug even on platforms where glibc has yet
> to be patched.
> 
> * .gnulib: Update to latest, for various fixes, including regex.
> * bootstrap: Resync from upstream.

ACK

Jirka


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]