This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: glibc 2.18 is frozen as of 1:00pm EST.


On Tue, Jul 02, 2013 at 12:44:27PM -0400, Carlos O'Donell wrote:
> Only bug fixes should go in for serious issues.
> 
> As the release manager David has final say into what
> gets checked in as a fix right now. We should be
> assisting him in making those decisions.

I'll make the first exception request for a CVE fix (or set of fixes)
I posted earlier this week to resolve CVE-2012-4412 and CVE-2012-4424:

http://sourceware.org/ml/libc-alpha/2013-06/msg01157.html
http://sourceware.org/ml/libc-alpha/2013-06/msg01158.html
http://sourceware.org/ml/libc-alpha/2013-06/msg01160.html

I don't know if it qualifies as a serious issue since there's no PoC
exploit for those vulnerabilities, but I reckon it wouldn't hurt to
make the request.

Siddhesh


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]