diff options
| author | Marius Bakke <mbakke@fastmail.com> | 2017-11-28 18:04:36 +0100 |
|---|---|---|
| committer | Marius Bakke <mbakke@fastmail.com> | 2018-01-02 16:55:17 +0100 |
| commit | 0c86790bfdf5a3e61bff6e289c1dcef16154a27b (patch) | |
| tree | 49a36fe3e321a4e622e5ebb6cbd99b96c1b56957 /gnu/packages | |
| parent | 4adde2a9192c671ead0b37a2c8da67081a44a2dc (diff) | |
Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671."
These issues has been classified as minor by Debian:
https://security-tracker.debian.org/tracker/CVE-2017-15670
https://security-tracker.debian.org/tracker/CVE-2017-15671
In addition, the patch only fixes one of the two CVEs it claims to fix. We
don't backport most CVEs, especially non-critical ones, so no need to carry
this (which is in 2.26). See discussion at <https://bugs.gnu.org/29490>.
This reverts commit 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2.
Diffstat (limited to 'gnu/packages')
| -rw-r--r-- | gnu/packages/base.scm | 4 | ||||
| -rw-r--r-- | gnu/packages/patches/glibc-CVE-2017-15670-15671.patch | 27 |
2 files changed, 0 insertions, 31 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 53db5fe007..ee92c49f4e 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -852,7 +852,6 @@ GLIBC/HURD for a Hurd host" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" "glibc-CVE-2015-5180.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -873,7 +872,6 @@ GLIBC/HURD for a Hurd host" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" "glibc-CVE-2015-5180.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -897,7 +895,6 @@ GLIBC/HURD for a Hurd host" "glibc-CVE-2016-3075.patch" "glibc-CVE-2016-3706.patch" "glibc-CVE-2016-4429.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -920,7 +917,6 @@ GLIBC/HURD for a Hurd host" "glibc-CVE-2016-3075.patch" "glibc-CVE-2016-3706.patch" "glibc-CVE-2016-4429.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))) diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch deleted file mode 100644 index 76d688c517..0000000000 --- a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch +++ /dev/null @@ -1,27 +0,0 @@ -Fix CVE-2017-15670: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 -https://sourceware.org/bugzilla/show_bug.cgi?id=22320 -https://bugzilla.redhat.com/show_bug.cgi?id=1504804 - -And CVE-2017-15671: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 -https://sourceware.org/bugzilla/show_bug.cgi?id=22325 -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 - -Copied from upstream: -<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f> - -diff --git a/posix/glob.c b/posix/glob.c ---- a/posix/glob.c -+++ b/posix/glob.c -@@ -843,7 +843,7 @@ - *p = '\0'; - } - else -- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) -+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) - = '\0'; - user_name = newp; - } |