From 0c86790bfdf5a3e61bff6e289c1dcef16154a27b Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 28 Nov 2017 18:04:36 +0100 Subject: Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671." These issues has been classified as minor by Debian: https://security-tracker.debian.org/tracker/CVE-2017-15670 https://security-tracker.debian.org/tracker/CVE-2017-15671 In addition, the patch only fixes one of the two CVEs it claims to fix. We don't backport most CVEs, especially non-critical ones, so no need to carry this (which is in 2.26). See discussion at . This reverts commit 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2. --- .../patches/glibc-CVE-2017-15670-15671.patch | 27 ---------------------- 1 file changed, 27 deletions(-) delete mode 100644 gnu/packages/patches/glibc-CVE-2017-15670-15671.patch (limited to 'gnu/packages/patches') diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch deleted file mode 100644 index 76d688c517..0000000000 --- a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch +++ /dev/null @@ -1,27 +0,0 @@ -Fix CVE-2017-15670: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 -https://sourceware.org/bugzilla/show_bug.cgi?id=22320 -https://bugzilla.redhat.com/show_bug.cgi?id=1504804 - -And CVE-2017-15671: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 -https://sourceware.org/bugzilla/show_bug.cgi?id=22325 -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 - -Copied from upstream: - - -diff --git a/posix/glob.c b/posix/glob.c ---- a/posix/glob.c -+++ b/posix/glob.c -@@ -843,7 +843,7 @@ - *p = '\0'; - } - else -- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) -+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) - = '\0'; - user_name = newp; - } -- cgit 1.4.1