public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843
@ 2023-09-25 5:55 fweimer at redhat dot com
2023-09-25 7:28 ` [Bug network/30884] " romain.geissler at amadeus dot com
` (16 more replies)
0 siblings, 17 replies; 18+ messages in thread
From: fweimer at redhat dot com @ 2023-09-25 5:55 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Bug ID: 30884
Summary: Memory leak in getaddrinfo after fix for bug 30843
Product: glibc
Version: 2.39
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: 2.39
Flags: security+
Romain Geissler reported that getaddrinfo can leak memory after the fix for bug
30843 (CVE-2023-4806) has been applied.
Already fixed for glibc 2.39 via:
commit ec6b95c3303c700eb89eebeda2d7264cc184a796
Author: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon Sep 25 01:21:51 2023 +0100
Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
This patch fixes a very recently added leak in getaddrinfo.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Since distributions have already started to backport the earlier fix, this
needs a new CVE assignment for clear communication of the issue.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
@ 2023-09-25 7:28 ` romain.geissler at amadeus dot com
2023-09-25 7:45 ` [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156) fweimer at redhat dot com
` (15 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: romain.geissler at amadeus dot com @ 2023-09-25 7:28 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Romain Geissler <romain.geissler at amadeus dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |romain.geissler at amadeus dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
2023-09-25 7:28 ` [Bug network/30884] " romain.geissler at amadeus dot com
@ 2023-09-25 7:45 ` fweimer at redhat dot com
2023-09-25 7:45 ` fweimer at redhat dot com
` (14 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: fweimer at redhat dot com @ 2023-09-25 7:45 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Summary|Memory leak in getaddrinfo |Memory leak in getaddrinfo
|after fix for bug 30843 |after fix for bug 30843
| |(CVE-2023-5156)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
2023-09-25 7:28 ` [Bug network/30884] " romain.geissler at amadeus dot com
2023-09-25 7:45 ` [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156) fweimer at redhat dot com
@ 2023-09-25 7:45 ` fweimer at redhat dot com
2023-09-26 0:28 ` sam at gentoo dot org
` (13 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: fweimer at redhat dot com @ 2023-09-25 7:45 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Alias| |CVE-2023-5156
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (2 preceding siblings ...)
2023-09-25 7:45 ` fweimer at redhat dot com
@ 2023-09-26 0:28 ` sam at gentoo dot org
2023-09-26 11:40 ` cvs-commit at gcc dot gnu.org
` (12 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: sam at gentoo dot org @ 2023-09-26 0:28 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Sam James <sam at gentoo dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sam at gentoo dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (3 preceding siblings ...)
2023-09-26 0:28 ` sam at gentoo dot org
@ 2023-09-26 11:40 ` cvs-commit at gcc dot gnu.org
2023-09-26 11:42 ` siddhesh at sourceware dot org
` (11 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 11:40 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fd134feba35fa839018965733b34d28a09a075dd
commit fd134feba35fa839018965733b34d28a09a075dd
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 26 07:38:07 2023 -0400
Document CVE-2023-4806 and CVE-2023-5156 in NEWS
These are tracked in BZ #30884 and BZ #30843.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (4 preceding siblings ...)
2023-09-26 11:40 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 11:42 ` siddhesh at sourceware dot org
2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
` (10 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: siddhesh at sourceware dot org @ 2023-09-26 11:42 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |siddhesh at sourceware dot org
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (5 preceding siblings ...)
2023-09-26 11:42 ` siddhesh at sourceware dot org
@ 2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
` (9 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #2 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.38/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ee59ca371b99984232d7584fe2b1a758b4421d3
commit 5ee59ca371b99984232d7584fe2b1a758b4421d3
Author: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon Sep 25 01:21:51 2023 +0100
Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
This patch fixes a very recently added leak in getaddrinfo.
This was assigned CVE-2023-5156.
Resolves: BZ #30884
Related: BZ #30842
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (6 preceding siblings ...)
2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
` (8 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:52 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #3 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.38/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f6445dc94da185b3d1ee283f0ca0a34c4e1986cc
commit f6445dc94da185b3d1ee283f0ca0a34c4e1986cc
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 26 07:38:07 2023 -0400
Document CVE-2023-4806 and CVE-2023-5156 in NEWS
These are tracked in BZ #30884 and BZ #30843.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (7 preceding siblings ...)
2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
` (7 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.37/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4473d1b87d04b25cdd0e0354814eeaa421328268
commit 4473d1b87d04b25cdd0e0354814eeaa421328268
Author: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon Sep 25 01:21:51 2023 +0100
Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
This patch fixes a very recently added leak in getaddrinfo.
This was assigned CVE-2023-5156.
Resolves: BZ #30884
Related: BZ #30842
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (8 preceding siblings ...)
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
` (6 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #5 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.37/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94ef70136587c40a357f775677997c753b3de56c
commit 94ef70136587c40a357f775677997c753b3de56c
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 26 07:38:07 2023 -0400
Document CVE-2023-4806 and CVE-2023-5156 in NEWS
These are tracked in BZ #30884 and BZ #30843.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (9 preceding siblings ...)
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
` (5 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:53 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #6 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=856bac55f98dc840e7c27cfa82262b933385de90
commit 856bac55f98dc840e7c27cfa82262b933385de90
Author: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon Sep 25 01:21:51 2023 +0100
Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
This patch fixes a very recently added leak in getaddrinfo.
This was assigned CVE-2023-5156.
Resolves: BZ #30884
Related: BZ #30842
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (10 preceding siblings ...)
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
` (4 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #7 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.36/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=32957eb6a86acdbeec9f38a60a7d5a0ff32db03d
commit 32957eb6a86acdbeec9f38a60a7d5a0ff32db03d
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 26 07:38:07 2023 -0400
Document CVE-2023-4806 and CVE-2023-5156 in NEWS
These are tracked in BZ #30884 and BZ #30843.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (11 preceding siblings ...)
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
` (3 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #8 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17092c0311f954e6f3c010f73ce3a78c24ac279a
commit 17092c0311f954e6f3c010f73ce3a78c24ac279a
Author: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon Sep 25 01:21:51 2023 +0100
Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
This patch fixes a very recently added leak in getaddrinfo.
This was assigned CVE-2023-5156.
Resolves: BZ #30884
Related: BZ #30842
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (12 preceding siblings ...)
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
` (2 subsequent siblings)
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #9 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.35/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=73d4ce728a59deb2fd18969e559769b3f590fac9
commit 73d4ce728a59deb2fd18969e559769b3f590fac9
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 26 07:38:07 2023 -0400
Document CVE-2023-4806 and CVE-2023-5156 in NEWS
These are tracked in BZ #30884 and BZ #30843.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (13 preceding siblings ...)
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:58 ` siddhesh at sourceware dot org
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #10 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8006457ab7e1cd556b919f477348a96fe88f2e49
commit 8006457ab7e1cd556b919f477348a96fe88f2e49
Author: Romain Geissler <romain.geissler@amadeus.com>
Date: Mon Sep 25 01:21:51 2023 +0100
Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
This patch fixes a very recently added leak in getaddrinfo.
This was assigned CVE-2023-5156.
Resolves: BZ #30884
Related: BZ #30842
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (14 preceding siblings ...)
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:58 ` siddhesh at sourceware dot org
16 siblings, 0 replies; 18+ messages in thread
From: cvs-commit at gcc dot gnu.org @ 2023-09-26 22:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
--- Comment #11 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
The release/2.34/master branch has been updated by Siddhesh Poyarekar
<siddhesh@sourceware.org>:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3b99f8328939533a9b6ac93e8ae7285e90fbdab
commit c3b99f8328939533a9b6ac93e8ae7285e90fbdab
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Sep 26 07:38:07 2023 -0400
Document CVE-2023-4806 and CVE-2023-5156 in NEWS
These are tracked in BZ #30884 and BZ #30843.
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
* [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156)
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
` (15 preceding siblings ...)
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
@ 2023-09-26 22:58 ` siddhesh at sourceware dot org
16 siblings, 0 replies; 18+ messages in thread
From: siddhesh at sourceware dot org @ 2023-09-26 22:58 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Siddhesh Poyarekar <siddhesh at sourceware dot org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #12 from Siddhesh Poyarekar <siddhesh at sourceware dot org> ---
Fixed all the way back to 2.34.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 18+ messages in thread
end of thread, other threads:[~2023-09-26 22:58 UTC | newest]
Thread overview: 18+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-25 5:55 [Bug network/30884] New: Memory leak in getaddrinfo after fix for bug 30843 fweimer at redhat dot com
2023-09-25 7:28 ` [Bug network/30884] " romain.geissler at amadeus dot com
2023-09-25 7:45 ` [Bug network/30884] Memory leak in getaddrinfo after fix for bug 30843 (CVE-2023-5156) fweimer at redhat dot com
2023-09-25 7:45 ` fweimer at redhat dot com
2023-09-26 0:28 ` sam at gentoo dot org
2023-09-26 11:40 ` cvs-commit at gcc dot gnu.org
2023-09-26 11:42 ` siddhesh at sourceware dot org
2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:52 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:53 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:54 ` cvs-commit at gcc dot gnu.org
2023-09-26 22:58 ` siddhesh at sourceware dot org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).