timezone file integer overflow
Bug #906961 reported by
Kees Cook
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| eglibc (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
This is CVE-2009-5029. Given the uncommon situations where TZ files are processed by privileged applications, this is not urgent, though there are now examples of this being used in the wild:
http://
Fixed in: http://
| visibility: | private → public |
| Changed in eglibc (Ubuntu): | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in eglibc (Ubuntu): | |
| status: | Triaged → Fix Released |
To post a comment you must log in.
This bug was fixed in the package eglibc - 2.13-24ubuntu1
---------------
eglibc (2.13-24ubuntu1) precise; urgency=low
* Merge with Debian (r5108), bringing in an ARM header patch, and a fix
for CVE-2009-5029, an integer overflow in timezone code (LP: #906961)
eglibc (2.13-24) unstable; urgency=low
* patches/
<bits/
* Add m68k expected tests results.
* Update Russian debconf translation, by Yuri Kozlov. Closes: #652428.
* Update German debconf translation, by Helge Kreutzman. Closes: #652556.
* patches/
Closes: #650790.
* Don't provide debugging symbols for libc-bin, libc-dev-bin and nscd
packages to avoid conflicts with multiarch.
* sysdeps/armel.mk, sysdeps/armhf.mk: fix cross compiling.
* Update Dutch debconf translation, by Jeroen Schot. Closes: #652632.
* patches/
* kfreebsd/
* patches/
* patches/
<sys/
* Update French debconf translation, by Christian Perrier. Closes:
#652860.
-- Adam Conrad <email address hidden> Tue, 03 Jan 2012 12:04:05 -0700