This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: DoS in RPC implementation (CVE-2011-4069)
- From: Carlos O'Donell <carlos_odonell at mentor dot com>
- To: Aurelien Jarno <aurelien at aurel32 dot net>, Jeff Law <law at redhat dot com>
- Cc: <libc-alpha at sourceware dot org>
- Date: Sun, 3 Jun 2012 18:48:14 -0400
- Subject: Re: DoS in RPC implementation (CVE-2011-4069)
- References: <20120602201911.GA7099@volta.aurel32.net>
On 6/2/2012 4:19 PM, Aurelien Jarno wrote:
> I have been informed that Debian eglibc is vulnerable to CVE-2011-4069,
> a DoS in RPC implementation. I have been provided the following patch,
> originating from Red Hat [1] and Ubuntu [2].
>
> Instead of having this patch in every distribution, it might be a good
> idea to merge that directly upstream. Unfortunately I don't know who to
> give the credit to, so I don't know how to write the changelog in that
> case.
Aurelien,
You need copyright assignment.
The patch was uploaded by Vincent Danen on the RH bugzilla in [1].
I don't see Danen explicitly in the FSF's copyright.list, but he might be covered under his employer.
I believe that Vincent works for Red Hat, but I don't have an email for him.
Jeff,
Does Vincent work at Red Hat?
If he does, can you find out if he is actually the author of the patch in [1], please?
I'd like to see this kind of CVE get fixed upstream quickly, but obviously without copyright it hampers review.
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=767299
> [2] https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/901716
Cheers,
Carlos
--
Carlos O'Donell
Mentor Graphics / CodeSourcery
carlos_odonell@mentor.com
carlos@codesourcery.com
+1 (613) 963 1026