From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4438 invoked by alias); 17 Feb 2015 07:26:54 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 4423 invoked by uid 89); 17 Feb 2015 07:26:54 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.98.6 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-Spam-Status: No, score=-2.0 required=5.0 tests=AWL,BAYES_00,SPF_PASS,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: smtp.gentoo.org Date: Thu, 01 Jan 2015 00:00:00 -0000 From: Mike Frysinger To: libc-stable@sourceware.org Subject: [glibc-2.20] CVE-2015-1472: wscanf allocates too little memory Message-ID: <20150217072928.GD20008@vapier> Mail-Followup-To: libc-stable@sourceware.org MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="2Z2K0IlrPCVsbNpk" Content-Disposition: inline X-SW-Source: 2015-02/txt/msg00004.txt.bz2 --2Z2K0IlrPCVsbNpk Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-length: 655 i've backported this to the 2.20 branch -mike commit 4d54424420c6300efbf57a7b9aa8635a8b8c1942 Author: Paul Pluzhnikov Date: Fri Feb 6 00:30:42 2015 -0500 CVE-2015-1472: wscanf allocates too little memory BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. (cherry picked from commit 5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06) Conflicts: ChangeLog NEWS --2Z2K0IlrPCVsbNpk Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJU4u3YAAoJEEFjO5/oN/WB8rcP/jO0XccvLDOEXzXoQtKGm2ZU HXxXpsGtbfdM2D+F5wdqah4Tqilt6yIm3zlfjYIeJPyFqTNgy+iON2Cpgu+0C74Z eMIwZIdNlbimPkIsplPV84gUxFG3vNMKhAAo1hBGsgWjkcsFg+a8Sb96X5/yeDau IXCluTlr3bmfv2EYAT2nY9ThIuTIDv3Am7clpi+TC1Va+OqZlLfYOyyAewp9wS3k qEfmqY6ZMis3Zi0IrCv33NXCf4SbNtKGR97+1DRnHpWqZnZwNy1BEpO/GEhUB5T8 MDJmpuR2UE/5dS/GIQBndj6Pkd3kibSFU7ATn7wuAlKFzaldcz/zTwW1ghLanbO6 CfRvwQF5YMCNUxCGiy6CNWhz+axcFkPVPi2eNWv9DpbF6j04oJNmmlG/mNt3i7es 7GItYVi6owZgw1Csk/Rc+rKWtpiuq1R3mDjTiVS3nKn/7HQXBugEaKPUk2B/u1Bw 31/78p+oZL5r+h45UW8Bzv1e4NM2oun2qco54F0pNWhkovpX8VRUCE9Q9ej49kbq PIAyyYQXjAmh/HSTrZ0jbaBW/Dfh4tmwU0EkJWAZrdN/z6NIl/oYwNtaoIzDMJq8 YpBN64121FGkHZQWN4SGfjVbi8F13fy7h+0d/k8dFnha81qpmEemkuFk9Bt6AOZ7 snBkh9IHTILQ3ODVdqQv =SV3k -----END PGP SIGNATURE----- --2Z2K0IlrPCVsbNpk--