public inbox for glibc-bugs@sourceware.org
From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug localedata/17137] Directory traversal in locale environment handling (CVE-2014-0475)
Date: Thu, 10 Jul 2014 15:21:00 -0000
Message-ID: <bug-17137-131-VCot4Vi7cE@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-17137-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=17137

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  585367266923156ac6fb789939a923641ba5aaf4 (commit)
       via  4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3 (commit)
       via  d183645616b0533b3acee28f1a95570bffbdf50f (commit)
      from  888c679ba406e89d86bdfbde033e307f5af5198f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=585367266923156ac6fb789939a923641ba5aaf4

commit 585367266923156ac6fb789939a923641ba5aaf4
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed May 28 14:05:03 2014 +0200

    manual: Update the locale documentation

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3

commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 12 15:24:12 2014 +0200

    _nl_find_locale: Improve handling of crafted locale names [BZ #17137]

    Prevent directory traversal in locale-related environment variables
    (CVE-2014-0475).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d183645616b0533b3acee28f1a95570bffbdf50f

commit d183645616b0533b3acee28f1a95570bffbdf50f
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed May 28 14:41:52 2014 +0200

    setlocale: Use the heap for the copy of the locale argument

    This avoids alloca calls with potentially large arguments.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                   |   27 ++++++
 NEWS                        |   12 +++-
 locale/findlocale.c         |   74 +++++++++++++---
 locale/setlocale.c          |   14 +++-
 localedata/ChangeLog        |    6 ++
 localedata/Makefile         |    3 +-
 localedata/tst-setlocale3.c |  203 +++++++++++++++++++++++++++++++++++++++++++
 manual/locale.texi          |  146 ++++++++++++++++++++++++-------
 8 files changed, 436 insertions(+), 49 deletions(-)
 create mode 100644 localedata/tst-setlocale3.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.