From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path:
Received: (qmail 23373 invoked by alias); 26 Aug 2014 18:08:56 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 23319 invoked by uid 55); 26 Aug 2014 18:08:49 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug localedata/17187] Out-of-bounds NUL write in iconv_open (CVE-2014-5119)
Date: Tue, 26 Aug 2014 18:08:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: localedata
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: ASSIGNED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00106.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=17187

--- Comment #2 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 (commit)
      from  e4e7cfd287686d26fce2218ed5b2d383db5e338a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8

commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
Author: Florian Weimer
Date:   Tue Aug 26 19:38:59 2014 +0200

    __gconv_translit_find: Disable function [BZ #17187]

    This functionality has never worked correctly, and the implementation
    contained a security vulnerability (CVE-2014-5119).

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog           |    7 ++
 NEWS                |    9 ++-
 iconv/gconv_trans.c |  177 +-------------------------------------------------
 3 files changed, 19 insertions(+), 174 deletions(-)

-- 
You are receiving this mail because:
You are on the CC list for the bug.