oss-sec mailing list archives

CVE for library bug that requires application participation
From: Alex Gaynor <alex.gaynor () gmail com>
Date: Wed, 11 Jun 2014 14:06:55 -0700

Hi all,

David Reid, Glyph Lefkowitz, and I discovered a bug in glibc
(https://sourceware.org/bugzilla/show_bug.cgi?id=17048) which can, in
conjunction with many common memory management techniques from an
application (read: we hit this issue repeatedly developing our Python
application), lead to a use after free, or other vulnerabilities.

Is it within policy to issue a CVE for glibc in a case like this?

Thanks to the Red Hat security team for assisting in triaging this and
working with the Glibc maintainers.

Thanks,
Alex

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: 125F 5C67 DFE9 4084
