From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-stable-return-448-listarch-libc-stable=sourceware.org@sourceware.org>
Received: (qmail 90134 invoked by alias); 17 Nov 2017 11:44:43 -0000
Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:libc-stable@sourceware.org>
List-Help: <mailto:libc-stable-help@sourceware.org>
List-Subscribe: <mailto:libc-stable-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-stable/>
Sender: libc-stable-owner@sourceware.org
Received: (qmail 90123 invoked by uid 89); 17 Nov 2017 11:44:42 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Checked: by ClamAV 0.99.2 on sourceware.org
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2 spammy=
X-Spam-Status: No, score=-1.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY,KB_WAM_FROM_NAME_SINGLEWORD,RCVD_IN_DNSWL_LOW autolearn=no version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org
X-Spam-Level:
X-HELO: mx0a-001b2d01.pphosted.com
Received: from mx0a-001b2d01.pphosted.com (HELO mx0a-001b2d01.pphosted.com) (148.163.156.1) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 17 Nov 2017 11:44:40 +0000
Received: from pps.filterd (m0098404.ppops.net [127.0.0.1])	by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id vAHBhxBE049055	for <libc-stable@sourceware.org>; Fri, 17 Nov 2017 06:44:39 -0500
Received: from e37.co.us.ibm.com (e37.co.us.ibm.com [32.97.110.158])	by mx0a-001b2d01.pphosted.com with ESMTP id 2e9waen475-1	(version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT)	for <libc-stable@sourceware.org>; Fri, 17 Nov 2017 06:44:38 -0500
Received: from localhost	by e37.co.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted	for <libc-stable@sourceware.org> from <tuliom@linux.vnet.ibm.com>;	Fri, 17 Nov 2017 04:44:38 -0700
Received: from b03cxnp07028.gho.boulder.ibm.com (9.17.130.15)	by e37.co.us.ibm.com (192.168.1.137) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted;	Fri, 17 Nov 2017 04:44:36 -0700
Received: from b03ledav005.gho.boulder.ibm.com (b03ledav005.gho.boulder.ibm.com [9.17.130.236])	by b03cxnp07028.gho.boulder.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id vAHBiZDl60817618;	Fri, 17 Nov 2017 04:44:35 -0700
Received: from b03ledav005.gho.boulder.ibm.com (unknown [127.0.0.1])	by IMSVA (Postfix) with ESMTP id 6E1CFBE03E;	Fri, 17 Nov 2017 04:44:35 -0700 (MST)
Received: from shinano (unknown [9.18.239.64])	by b03ledav005.gho.boulder.ibm.com (Postfix) with SMTP id DAFF1BE038;	Fri, 17 Nov 2017 04:44:33 -0700 (MST)
Received: by shinano (sSMTP sendmail emulation); Fri, 17 Nov 2017 09:44:32 -0200
From: "Tulio Magno Quites Machado Filho" <tuliom@linux.vnet.ibm.com>
To: "Sudler\, Simon" <simon.sudler@siemens.com>,        "libc-stable\@sourceware.org" <libc-stable@sourceware.org>
Cc:
Subject: Re: BZ #21361 backport to version prior 2.26?  Was: +
In-Reply-To: <EB4794275C0C904BBABD6840AB8DC22D059208CE@DENBGAT9EL2MSX.ww902.siemens.net>
References: <EB4794275C0C904BBABD6840AB8DC22D059208CE@DENBGAT9EL2MSX.ww902.siemens.net>
User-Agent: Notmuch/0.25 (http://notmuchmail.org) Emacs/25.3.1 (x86_64-redhat-linux-gnu)
Date: Sun, 01 Jan 2017 00:00:00 -0000
MIME-Version: 1.0
Content-Type: text/plain
X-TM-AS-GCONF: 00
x-cbid: 17111711-0024-0000-0000-00001780CB15
X-IBM-SpamModules-Scores:
X-IBM-SpamModules-Versions: BY=3.00008081; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000240; SDB=6.00947150; UDB=6.00478164; IPR=6.00727442; BA=6.00005697; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00018061; XFM=3.00000015; UTC=2017-11-17 11:44:36
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 17111711-0025-0000-0000-00004D89F3A6
Message-Id: <87wp2pp1sv.fsf@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-11-17_04:,, signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1711170160
X-IsSubscribed: yes
X-SW-Source: 2017-11/txt/msg00009.txt.bz2

Hi Simon,

"Sudler, Simon" <simon.sudler@siemens.com> writes:

> I noticed, that the #21361 (CVE-2017-12132) issue was fixed for 2.26, but was not applied in the any older release branches. The patch applies perfectly for the code with the vulnerability, only the tests requires some backporting.

It was also backported to glibc 2.25:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=47db584c74e2bbcf1ba55e62d949c1a738da5e0a

> Is there any reason why this issue has not been fixed in any older release? 

Because no one proposed this backport.  ;-)

Are you looking for a backport for a particular version?

-- 
Tulio Magno