From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sourceware-bugzilla@sourceware.org>
Received: by sourceware.org (Postfix, from userid 48)
	id C171C38582BC; Tue,  6 Jun 2023 12:24:47 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C171C38582BC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1686054287;
	bh=xVa2AKRzsqPfBC+HBIVHnR7TcqdyHsMPXpHka1ywqJ8=;
	h=From:To:Subject:Date:In-Reply-To:References:From;
	b=ItD5SK7FGiGoCXmcrlKX+xvrrWl+si9vIKawuO6IivMZOBOz/5fz/ZtNmaWAlAGvS
	 0Xh43zaYvvTV4QnhNbPjbIjvltpLkFPT5luKxAVi2FgWQ95dh4b2IElpsm+3hVZp3R
	 NBeFYnsySbDeHBdpUnzkwFMpZ26hVGxbHpnYpunw=
From: "helmut at subdivi dot de" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/18036] buffer overflow (read past end of buffer) in
 internal_fnmatch=>end_pattern with "**(!()" pattern
Date: Tue, 06 Jun 2023 12:24:46 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.21
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: helmut at subdivi dot de
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: ppluzhnikov at google dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-18036-131-brezyyZihh@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-18036-131@http.sourceware.org/bugzilla/>
References: <bug-18036-131@http.sourceware.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
List-Id: <glibc-bugs.sourceware.org>

https://sourceware.org/bugzilla/show_bug.cgi?id=3D18036

Helmut Grohne <helmut at subdivi dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |helmut at subdivi dot de

--- Comment #5 from Helmut Grohne <helmut at subdivi dot de> ---
While this bug has been tracked together with
https://sourceware.org/bugzilla/show_bug.cgi?id=3D18032 as CVE-2015-8984 e.=
g. in
RedHat https://bugzilla.redhat.com/show_bug.cgi?id=3D1197730#c3, that's not
universally the case and e.g. Debian missed this fix in Debian 8 while
including the other. As such, I think it would be best to track these
separately using separate CVE identifiers. Would you want to request one or
should I request via the standard mitre interface?

--=20
You are receiving this mail because:
You are on the CC list for the bug.=