Bug#245029: Acknowledgement (libc6: SIGSEGV in getgrouplist()/getpwnam())
On Wed, 21 Apr 2004 12:47:58 +0200
BUCHMULLER Norbert <norbi.spam@nix.hu> wrote:
> Isn't it CAN-2003-0689? (I have not seen that fixed in libc6's
It _is_.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=101691 states that
2.2.5 is affected, that the bug is in libc/grp/initgroups.c, and that
the revision that fixes the bug is 1.29.
From the CVS log
(http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/grp/initgroups.c?cvsroot=glibc)
I see that the fix was done in 1.29 indeed, and having a look at the diff
between 1.29 and 1.28 revealed that Debian's 2.2.5-11.5 has revision 1.28
of that file, not 1.29.
Now it is clear that this bug is the same as in CAN-2003-0689. Debian is
still vulnerable. :-(
Please fix it. Thanks.
norbi