[libvirt] [PATCH] maint: update to latest gnulib
Jiri Denemark
jdenemar at redhat.com
Fri Feb 1 07:16:59 UTC 2013
On Thu, Jan 31, 2013 at 16:34:24 -0700, Eric Blake wrote:
> CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
> that runs a regex search on user input while in a multibyte locale.
> I'm not sure how hard it would be to trigger such a setup for
> libvirtd, but rather than risk things, we can avoid the issue:
> gnulib has worked around the problem, and by updating to the latest
> gnulib, we can avoid the bug even on platforms where glibc has yet
> to be patched.
>
> * .gnulib: Update to latest, for various fixes, including regex.
> * bootstrap: Resync from upstream.
ACK
Jirka
More information about the libvir-list
mailing list