Glibc glob patch

tristan twem2 at hermes.cam.ac.uk
Mon Jan 14 01:47:57 PST 2002


On Sat, Jan 12, 2002 at 06:02:53PM +0000, Mark Binns wrote:
> On Sat, 12 Jan 2002, Bruce Dubbs wrote:
> > I don't see a patch in the book, but I did find:
> > http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
> >
> > and its follow up:
> >
> > http://sources.redhat.com/ml/bug-glibc/2001-11/msg00110.html
> 
> Ah ha! That looks like the one. Is that patch for their development (cvs)
> glibc or the 2.2.4 release? It may be worth including the patch in the
> book if the 2.2.4 release leaves you open to remote root exploits if
> you're running some ftpds.

The patch seems to have been accepted, its in the ChangeLog for
2.2.5pre1 - 

2001-11-29  Jakub Jelinek  <jakub at redhat.com>

        * sysdeps/generic/glob.c (next_brace_sub): Return NULL if braces
        don't match, fix {{a,b},c} globbing, clean up.
        Patch by Flavio Veloso <flaviovs at magnux.com>.


I should think this means that it is applicable to 2.2.4

tristan
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list