This is the mail archive of the
mailing list for the glibc project.
[PATCH] Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]
- From: Florian Weimer <fweimer at redhat dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>, "Dmitry V. Levin" <ldv at altlinux dot org>
- Date: Thu, 1 Feb 2018 15:24:51 +0100
- Subject: [PATCH] Record CVE-2018-6485 in ChangeLog and NEWS [BZ #22343]
- Authentication-results: sourceware.org; auth=none
I got another CVE assignment from MITRE for the posix_memalign issue.
Can we still install it?
Arjun is looking into the malloc fix; we have some disagreement there to
what extent it is a separate issue. I do not observe it with our
2.17-based build on i386. If the affected version range is different
from the posix_memalign issue, technically, we should assign a separate
CVE ID (but it doesn't make sense to stop the release for that).