← Back to team overview

touch-packages team mailing list archive

[Bug 1396471] Re: glibc vulnerability CVE-2014-7817

 

This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.19

---------------
eglibc (2.11.1-0ubuntu7.19) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Tue, 02 Dec 2014 11:24:33 -0500

** Changed in: eglibc (Ubuntu Trusty)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1396471

Title:
  glibc vulnerability CVE-2014-7817

Status in eglibc package in Ubuntu:
  Invalid
Status in glibc package in Ubuntu:
  Confirmed
Status in eglibc source package in Lucid:
  Fix Released
Status in glibc source package in Lucid:
  Invalid
Status in eglibc source package in Precise:
  Fix Released
Status in glibc source package in Precise:
  Invalid
Status in eglibc source package in Trusty:
  Fix Released
Status in glibc source package in Trusty:
  Invalid
Status in eglibc source package in Utopic:
  Invalid
Status in glibc source package in Utopic:
  Fix Released
Status in eglibc source package in Vivid:
  Invalid
Status in glibc source package in Vivid:
  Confirmed

Bug description:
  http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2014-7817
  https://security-tracker.debian.org/tracker/CVE-2014-7817

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1396471/+subscriptions