This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Updating NEWS for 2.26
* Florian Weimer:
> On 08/01/2017 11:20 AM, Siddhesh Poyarekar wrote:
>> On Tuesday 01 August 2017 02:16 PM, Florian Weimer wrote:
>>> * A use-after-free vulnerability in clntudp_call in the Sun RPC system
>>> has been fixed.
>>
>> Is there a CVE number for this or just a preventive fix you put in?
>
> There will be a CVE number, but I haven't got one yet, sorry.
We have CVE assignments now:
https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2017-12132
https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2017-12133