BZ #21361 backport to version prior 2.26?

Carlos O'Donell carlos@redhat.com
Sun Jan 1 00:00:00 GMT 2017


On 11/13/2017 06:22 AM, Sudler, Simon wrote:
> I noticed that the #21361 (CVE-2017-12132) issue was fixed for 2.26,
> but was not applied in any older release branches. The patch
> applies perfectly for the code with the vulnerability, only the tests
> require some backporting.
> 
> Is there any reason why this issue has not been fixed in any older
> release?

It is mostly about resources vs. needs.

Backports are driven by active downstream distribution needs 
and resources.

Florian Weimer and I backport into stable branches to support 
downstream Fedora releases.

IBM may backport to support their Advanced Toolchain needs.

Aurelien Jarno backports to the stable branches to support 
Debian releases.

If you have a specific need for a stable backport, you can do
that backport yourself, post here, explain your testing methods,
and we can work to get that committed for you.

-- 
Cheers,
Carlos.


