[Bug 906961] Re: timezone file integer overflow
Tyler Hicks
tyhicks at canonical.com
Fri Dec 23 21:34:51 UTC 2011
** Changed in: eglibc (Ubuntu)
Status: New => Triaged
** Changed in: eglibc (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/906961
Title:
timezone file integer overflow
Status in “eglibc” package in Ubuntu:
Triaged
Bug description:
This is CVE-2009-5029. Given the uncommon situations where TZ files are processed by privileged applications, this is not urgent, though there are now examples of this being used in the wild:
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
Fixed in:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/906961/+subscriptions
More information about the foundations-bugs
mailing list