Subject: CVE-2015-0235

CVE-2015-0235

From: Daniel Hardman <daniel.hardman_at_gmail.com>
Date: Wed, 28 Jan 2015 13:06:18 -0700

Do we know if c-ares (indirectly) uses __nss_hostname_digits_dots() from
glibc? If so, we may want to roll out a new .deb and .rpm that was built
against an updated glibc.

More info about the vulnerability:
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/

-- Daniel
Received on 2015-01-28

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: CVE-2015-0235"
Previous message: Daniel Hardman: "select() returns 1, timeout hasn't expired, but all FD bits are zero"
Next in thread: Daniel Stenberg: "Re: CVE-2015-0235"
Reply: Daniel Stenberg: "Re: CVE-2015-0235"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]