From: "carlos at redhat dot com"
To: glibc-bugs@sourceware.org
Subject: [Bug stdio/30068] incorrect printf output for integers with thousands separator and width field (CVE-2023-25139)
Date: Wed, 08 Feb 2023 01:32:28 +0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: stdio
X-Bugzilla-Version: 2.37
X-Bugzilla-Severity: critical
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Resolution: FIXED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: 2.38
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields: keywords

https://sourceware.org/bugzilla/show_bug.cgi?id=30068

Carlos O'Donell changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|glibc_2.37                  |

--- Comment #11 from Carlos O'Donell ---
Fixed in release/2.37/master with:

commit 07b9521fc6369d000216b96562ff7c0ed32a16c4
Author: Carlos O'Donell
Date:   Thu Jan 19 12:50:20 2023 +0100

    Account for grouping in printf width (bug 30068)

    This is a partial fix for mishandling of grouping when formatting
    integers.  It properly computes the width in the presence of grouping
    characters when the width is larger than the number of significant
    digits.  The precision related issue is documented in bug 23432.

    Co-authored-by: Andreas Schwab

    (cherry picked from commit c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0)
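
A regression check for the width behaviour the commit message above describes, added here as an example and not taken from glibc or its test suite: it computes the grouped length from `localeconv()` independently and compares it with what `snprintf` reports for `%'*u` at widths below, at and above that length. The function names and sample values are constructed, and it assumes a locale with a single-byte separator (`en_US.UTF-8` if installed, otherwise the "C" locale).

```c
#include <limits.h>
#include <locale.h>
#include <stdio.h>
#include <string.h>

/* Separators the current LC_NUMERIC locale inserts into ndigits digits. */
static int group_seps(int ndigits)
{
    const struct lconv *lc = localeconv();
    const char *g = lc->grouping;
    int seps = 0;
    if (lc->thousands_sep[0] == '\0')
        return 0;
    while (*g > 0 && *g != CHAR_MAX && ndigits > *g) {
        ndigits -= *g;
        seps++;
        if (g[1] != '\0')      /* a terminating 0 repeats the last group size */
            g++;
    }
    return seps;
}

/* 1 if "%'*u" yields exactly max(width, grouped length) bytes, else 0. */
int grouped_width_ok(int width, unsigned value)
{
    char plain[16], out[64];
    int nd = snprintf(plain, sizeof plain, "%u", value);
    int want = nd + group_seps(nd) * (int)strlen(localeconv()->thousands_sep);
    int got = snprintf(out, sizeof out, "%'*u", width, value);
    if (want < width)
        want = width;
    return got == want && got < (int)sizeof out && (int)strlen(out) == got;
}

/* Sweep widths around the grouped length; return the number of mismatches. */
int run_checks(void)
{
    static const unsigned samples[] = { 0, 999, 1000, 1234567, 4294967295u };
    int bad = 0;
    /* Assumption: if en_US.UTF-8 is absent, the "C" locale (no grouping) is used. */
    setlocale(LC_NUMERIC, "en_US.UTF-8");
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        for (int w = 0; w <= 24; w++)
            bad += !grouped_width_ok(w, samples[i]);
    return bad;
}

int main(void) { printf("%d width mismatches\n", run_checks()); return 0; }
```

A non-zero mismatch count in a grouping locale means the C library pads or sizes `%'` output differently from the requested width, which is the symptom this bug tracks.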