On 02/01/2013 12:16 AM, Jiri Denemark wrote: > On Thu, Jan 31, 2013 at 16:34:24 -0700, Eric Blake wrote: >> CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon >> that runs a regex search on user input while in a multibyte locale. >> I'm not sure how hard it would be to trigger such a setup for >> libvirtd, but rather than risk things, we can avoid the issue: >> gnulib has worked around the problem, and by updating to the latest >> gnulib, we can avoid the bug even on platforms where glibc has yet >> to be patched. >> >> * .gnulib: Update to latest, for various fixes, including regex. >> * bootstrap: Resync from upstream. > > ACK Thanks; pushed. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list