This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]

From: Joseph Myers <joseph at codesourcery dot com>
To: Florian Weimer <fweimer at redhat dot com>
Cc: GNU C Library <libc-alpha at sourceware dot org>
Date: Tue, 29 Mar 2016 21:41:02 +0000
Subject: Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
Authentication-results: sourceware.org; auth=none
References: <56FA607D dot 4070803 at redhat dot com>

On Tue, 29 Mar 2016, Florian Weimer wrote:

> This is a minor security issue in nss_dns, triggered by a very long name
> passed to getnetbyname.

As a security issue it should have an entry in the "Security related 
changes" section of NEWS for 2.24.

-- 
Joseph S. Myers
joseph@codesourcery.com

References:
- [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]