diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-11-28 18:04:36 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-01-02 16:55:17 +0100 |
commit | 0c86790bfdf5a3e61bff6e289c1dcef16154a27b (patch) | |
tree | 49a36fe3e321a4e622e5ebb6cbd99b96c1b56957 /gnu/packages/patches | |
parent | 4adde2a9192c671ead0b37a2c8da67081a44a2dc (diff) | |
download | guix-0c86790bfdf5a3e61bff6e289c1dcef16154a27b.tar guix-0c86790bfdf5a3e61bff6e289c1dcef16154a27b.tar.gz |
Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671."
These issues has been classified as minor by Debian:
https://security-tracker.debian.org/tracker/CVE-2017-15670
https://security-tracker.debian.org/tracker/CVE-2017-15671
In addition, the patch only fixes one of the two CVEs it claims to fix. We
don't backport most CVEs, especially non-critical ones, so no need to carry
this (which is in 2.26). See discussion at <https://bugs.gnu.org/29490>.
This reverts commit 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/glibc-CVE-2017-15670-15671.patch | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch deleted file mode 100644 index 76d688c517..0000000000 --- a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch +++ /dev/null @@ -1,27 +0,0 @@ -Fix CVE-2017-15670: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 -https://sourceware.org/bugzilla/show_bug.cgi?id=22320 -https://bugzilla.redhat.com/show_bug.cgi?id=1504804 - -And CVE-2017-15671: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 -https://sourceware.org/bugzilla/show_bug.cgi?id=22325 -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 - -Copied from upstream: -<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f> - -diff --git a/posix/glob.c b/posix/glob.c ---- a/posix/glob.c -+++ b/posix/glob.c -@@ -843,7 +843,7 @@ - *p = '\0'; - } - else -- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) -+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) - = '\0'; - user_name = newp; - } |