Ubuntu
eglibc package

  1. Bug #1396471
  2. Comment #4

Comment 4 for bug 1396471

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.15-0ubuntu10.9

---------------
eglibc (2.15-0ubuntu10.9) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in IBM gconv modules
    - debian/patches/any/CVE-2012-6656.diff: fix check in
      iconvdata/ibm930.c.
    - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
      iconvdata/ibm*.c.
    - CVE-2012-6656
    - CVE-2014-6040
  * SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
    - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
      posix/wordexp.c, added tests to posix/wordexp-test.c.
    - CVE-2014-7817
 -- Marc Deslauriers <email address hidden> Tue, 02 Dec 2014 11:21:12 -0500