
Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())



On Wed, 21 Apr 2004 12:47:58 +0200
BUCHMULLER Norbert <norbi.spam@nix.hu> wrote:

> Isn't it CAN-2003-0689? (I have not seen that fixed in libc6's

It _is_.

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101691 states that
2.2.5 is affected, that the bug is in libc/grp/initgroups.c, and that
the revision that fixes the bug is 1.29.

From the CVS log
(http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/grp/initgroups.c?cvsroot=glibc)
I see that the fix was done in 1.29 indeed, and having a look at the diff
between 1.29 and 1.28 revealed that Debian's 2.2.5-11.5 has revision 1.28
of that file, not 1.29.

Now it is clear that this bug is the same as in CAN-2003-0689. Debian is
still vulnerable. :-(

Please fix it. Thanks.

norbi


