[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#29490] [PATCH] Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-156
From: |
Marius Bakke |
Subject: |
[bug#29490] [PATCH] Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671." |
Date: |
Wed, 06 Dec 2017 00:03:39 +0100 |
User-agent: |
Notmuch/0.25.2 (https://notmuchmail.org) Emacs/25.3.1 (x86_64-pc-linux-gnu) |
Ludovic Courtès <address@hidden> writes:
> Hello,
>
> Marius Bakke <address@hidden> skribis:
>
>> These issues has been classified as minor by Debian:
>>
>> https://security-tracker.debian.org/tracker/CVE-2017-15670
>> https://security-tracker.debian.org/tracker/CVE-2017-15671
>>
>> ...and is not worth the cost of grafting and maintaining this patch.
>
> I don’t see Debian’s classification as “minor”, but I see NVD severity
> “high” and “medium” (I personally fail to imagine concrete remote
> exploitation scenarios, but I largely lack the mental muscles for this.)
At the bottom of the page is the status for the stable releases, which
didn't get a DSA due to being a minor issue.
The recent update of glibc on core-updates included a fix for a similar
problem:
https://security-tracker.debian.org/tracker/CVE-2017-15671
I suppose we can graft that too, but would prefer to just drop them. We
get the fixes when we merge core-updates in a few weeks anyway.
signature.asc
Description: PGP signature