[libvirt] [PATCH] maint: update to latest gnulib

Eric Blake eblake at redhat.com
Fri Feb 1 16:24:57 UTC 2013


On 02/01/2013 12:16 AM, Jiri Denemark wrote:
> On Thu, Jan 31, 2013 at 16:34:24 -0700, Eric Blake wrote:
>> CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
>> that runs a regex search on user input while in a multibyte locale.
>> I'm not sure how hard it would be to trigger such a setup for
>> libvirtd, but rather than risk things, we can avoid the issue:
>> gnulib has worked around the problem, and by updating to the latest
>> gnulib, we can avoid the bug even on platforms where glibc has yet
>> to be patched.
>>
>> * .gnulib: Update to latest, for various fixes, including regex.
>> * bootstrap: Resync from upstream.
> 
> ACK

Thanks; pushed.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130201/2a22c244/attachment-0001.sig>


More information about the libvir-list mailing list