This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug localedata/17137] Directory traversal in locale environment handling (CVE-2014-0475)

From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Thu, 10 Jul 2014 15:21:18 +0000
Subject: [Bug localedata/17137] Directory traversal in locale environment handling (CVE-2014-0475)
Auto-submitted: auto-generated
References: <bug-17137-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=17137

--- Comment #1 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  585367266923156ac6fb789939a923641ba5aaf4 (commit)
       via  4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3 (commit)
       via  d183645616b0533b3acee28f1a95570bffbdf50f (commit)
      from  888c679ba406e89d86bdfbde033e307f5af5198f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=585367266923156ac6fb789939a923641ba5aaf4

commit 585367266923156ac6fb789939a923641ba5aaf4
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed May 28 14:05:03 2014 +0200

    manual: Update the locale documentation

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3

commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Mon May 12 15:24:12 2014 +0200

    _nl_find_locale: Improve handling of crafted locale names [BZ #17137]

    Prevent directory traversal in locale-related environment variables
    (CVE-2014-0475).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d183645616b0533b3acee28f1a95570bffbdf50f

commit d183645616b0533b3acee28f1a95570bffbdf50f
Author: Florian Weimer <fweimer@redhat.com>
Date:   Wed May 28 14:41:52 2014 +0200

    setlocale: Use the heap for the copy of the locale argument

    This avoids alloca calls with potentially large arguments.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                   |   27 ++++++
 NEWS                        |   12 +++-
 locale/findlocale.c         |   74 +++++++++++++---
 locale/setlocale.c          |   14 +++-
 localedata/ChangeLog        |    6 ++
 localedata/Makefile         |    3 +-
 localedata/tst-setlocale3.c |  203 +++++++++++++++++++++++++++++++++++++++++++
 manual/locale.texi          |  146 ++++++++++++++++++++++++-------
 8 files changed, 436 insertions(+), 49 deletions(-)
 create mode 100644 localedata/tst-setlocale3.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.

References:
- [Bug localedata/17137] New: Directory traversal in locale environment handling (CVE-2014-0475)
  - From: fweimer at redhat dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]