From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 43753 invoked by alias); 13 Nov 2017 14:22:38 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 43738 invoked by uid 89); 13 Nov 2017 14:22:37 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.99.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 spammy=Executive, Officer, President, Hx-languages-length:943 X-Spam-Status: No, score=-0.7 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: thoth.sbs.de Received: from thoth.sbs.de (HELO thoth.sbs.de) (192.35.17.2) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 13 Nov 2017 14:22:36 +0000 Received: from mail2.sbs.de (mail2.sbs.de [192.129.41.66]) by thoth.sbs.de (8.15.2/8.15.2) with ESMTPS id vADEMXlU004060 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Mon, 13 Nov 2017 15:22:33 +0100 Received: from DEFTHW99ERKMSX.ww902.siemens.net (defthw99erkmsx.ww902.siemens.net [139.22.70.147]) by mail2.sbs.de (8.15.2/8.15.2) with ESMTPS id vADEMKI0008706 (version=TLSv1 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Mon, 13 Nov 2017 15:22:33 +0100 Received: from DENBGAT9ERSMSX.ww902.siemens.net (139.22.70.191) by DEFTHW99ERKMSX.ww902.siemens.net (139.22.70.147) with Microsoft SMTP Server (TLS) id 14.3.361.1; Mon, 13 Nov 2017 15:22:28 +0100 Received: from DENBGAT9EL2MSX.ww902.siemens.net ([169.254.9.243]) by DENBGAT9ERSMSX.ww902.siemens.net ([139.22.70.191]) with mapi id 14.03.0361.001; Mon, 13 Nov 2017 15:22:28 +0100 From: "Sudler, Simon" To: "libc-stable@sourceware.org" Subject: BZ #21361 backport to version prior 2.26? Thread-Topic: BZ #21361 backport to version prior 2.26? Thread-Index: AdNcirPDHPxXAckWSyWekylK4xXDaA== Date: Sun, 01 Jan 2017 00:00:00 -0000 Message-ID: Accept-Language: de-DE, en-US Content-Language: de-DE X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [139.22.70.46] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-SW-Source: 2017-11/txt/msg00003.txt.bz2 Hello, Sorry for the wrong subject last time: I noticed, that the #21361 (CVE-2017-12132) issue was fixed for 2.26, but w= as not applied in the any older release branches. The patch applies perfect= ly for the code with the vulnerability, only the tests requires some backpo= rting. Is there any reason why this issue has not been fixed in any older release?= =20 With best regards, Simon Sudler Siemens AG Process Industries and Drives Division Process Automation www.siemens.com/ingenuityforlife Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Gerhard Crom= me; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Off= icer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik Neike,= Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, German= y; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 668= 4; WEEE-Reg.-No. DE 23691322