From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tomas@tuxteam.de>
Received: from mail.tuxteam.de (mail.tuxteam.de [5.199.139.25])
 by sourceware.org (Postfix) with ESMTPS id 5826C3858001
 for <libc-help@sourceware.org>; Thu, 25 Mar 2021 20:46:53 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 5826C3858001
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=tuxteam.de
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=tomas@tuxteam.de
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=tuxteam.de;
 s=mail; 
 h=From:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:Date;
 bh=RccG9BxgnWW5ctIHp7e2Z8i2Uvme6QtmhqeJFll5qPM=; 
 b=Rn4TY407URqhYjNzRmLV1HX95J8Bzxa7PUU4OqbW9Ra+0sqi0bqdMaMTE0FR+tO3UT3d38n6kYj75pvlSxBCVWTC7/t5QWWeMaZCjxGZToshYA6utPacfzQWu68EBkSEE5Pt+NwGu1wr0HYjzZGsXEvaG48rTfS/AHIxgdLYlhHlG7h7CtGHS0W33ed9ceY1/UrYhEH7THZHjDmqdGKIqJnqfqiQ/DcvAcpdzFYUEDVgQYI/K36+peJZtvOqpkjr2sOHfxZeO2Zy2treOYQEVfDksGSToEb9/t7TpyZ8us8MrtVWQ793DuFTCknVAxmFxVDwetwbdOR6IR1p4YtjUw==;
Received: from tomas by mail.tuxteam.de with local (Exim 4.80)
 (envelope-from <tomas@tuxteam.de>)
 id 1lPWsV-0007Aw-OM; Thu, 25 Mar 2021 21:46:51 +0100
Date: Thu, 25 Mar 2021 21:46:51 +0100
To: Peng Yu <pengyu.ut@gmail.com>
Cc: libc-help <libc-help@sourceware.org>
Subject: Re: How to find the original code that causes a CVE?
Message-ID: <20210325204651.GC5458@tuxteam.de>
References: <CABrM6wmvZivW6sF2zNwY_BizSaqXf_ECFisAqFtgVoZUxa=5UA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="JwB53PgKC5A7+0Ej"
Content-Disposition: inline
In-Reply-To: <CABrM6wmvZivW6sF2zNwY_BizSaqXf_ECFisAqFtgVoZUxa=5UA@mail.gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
From: <tomas@tuxteam.de>
X-Spam-Status: No, score=-3.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-help@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-help mailing list <libc-help.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-help>,
 <mailto:libc-help-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-help/>
List-Help: <mailto:libc-help-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-help>,
 <mailto:libc-help-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Mar 2021 20:46:54 -0000


--JwB53PgKC5A7+0Ej
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Mar 25, 2021 at 03:35:33PM -0500, Peng Yu via Libc-help wrote:
> Hi,
>=20
> https://www.cvedetails.com/cve/CVE-2017-16997/
>=20
> I see this CVE for glibc. But it is not clear how to look up which
> line of the source code causes this vulnerability. Could anybody show
> me how to look this up?

You can look it up in the glibc bug database:

  https://sourceware.org/bugzilla/show_bug.cgi?id=3DCVE-2017-16997

Cheers
-- tomas

--JwB53PgKC5A7+0Ej
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAmBc9rsACgkQBcgs9XrR2kYHbQCeM1XvBr20ZyLlunmMW5DiWJ2u
AyAAn2WNmPW6uZNk2eJOag/qUNTPXsf8
=PZ5X
-----END PGP SIGNATURE-----

--JwB53PgKC5A7+0Ej--