1
PublicDateAtUSN: 2011-12-19
2
Candidate: CVE-2009-5029
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029
6
http://dividead.wordpress.com/tag/heap-overflow/
7
http://lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
8
https://usn.ubuntu.com/usn/usn-1396-1
10
Integer overflow in the __tzfile_read function in glibc before 2.15 allows
11
context-dependent attackers to cause a denial of service (crash) and
12
possibly execute arbitrary code via a crafted timezone (TZ) file, as
13
demonstrated using vsftpd.
16
mdeslaur> see upstream bug for possible typo in commit
17
sbeattie> lucid also needs stdint.h included to get SIZE_MAX
18
jdstrand> patch in patches/any/cvs-tzfile.diff on precise
20
http://sourceware.org/bugzilla/show_bug.cgi?id=13506
21
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/906961
22
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650790
28
upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
29
upstream_glibc: needs-triage
30
hardy_glibc: released (2.7-10ubuntu8.1)
38
upstream: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654b2d831acaa18a2b018b0736245903fd2
39
upstream_eglibc: released (2.13-24)
41
lucid_eglibc: released (2.11.1-0ubuntu7.10)
42
maverick_eglibc: released (2.12.1-0ubuntu10.4)
43
natty_eglibc: released (2.13-0ubuntu13.1)
44
oneiric_eglibc: released (2.13-20ubuntu5.1)
45
devel_eglibc: released (2.13-24ubuntu1)