This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Florian Weimer <fweimer at redhat dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>
- Date: Tue, 29 Mar 2016 21:41:02 +0000
- Subject: Re: [PATCH] CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r [BZ #19879]
- Authentication-results: sourceware.org; auth=none
- References: <56FA607D dot 4070803 at redhat dot com>
On Tue, 29 Mar 2016, Florian Weimer wrote:
> This is a minor security issue in nss_dns, triggered by a very long name
> passed to getnetbyname.
As a security issue it should have an entry in the "Security related
changes" section of NEWS for 2.24.
--
Joseph S. Myers
joseph@codesourcery.com