oss-sec mailing list archives

Re: two vulns in uClibc-0.9.33.2

From: "fefe" <qbenjin () qq com>
Date: Wed, 21 Jun 2017 11:28:17 +0800

I found two vulns in  uClibc-0.9.33.2 (https://uclibc.org/)

uClibc is dead. Active development happens on uClibc-ng. Is uClibc-ng

also affected by these issues?


uclibc_ng is also affected.

one is about line 2682 of get_subexp.c :

I take it you are referring to libc/misc/regex/regexec.c?



yes. i am sorry??

Current thread:

Re: two vulns in uClibc-0.9.33.2, (continued)
- Re: two vulns in uClibc-0.9.33.2 Zach W (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Peter Korsgaard (Jun 16)
- Re: two vulns in uClibc-0.9.33.2 Seth Arnold (Jun 16)
  - Re: two vulns in uClibc-0.9.33.2 Kurt Seifried (Jun 16)
  - Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 16)
    - Re: two vulns in uClibc-0.9.33.2 Bob Friesenhahn (Jun 16)
    - Re: two vulns in uClibc-0.9.33.2 Florian Weimer (Jun 17)
    - Re: two vulns in uClibc-0.9.33.2 Michal Zalewski (Jun 17)
    - Re: two vulns in uClibc-0.9.33.2 Simon McVittie (Jun 17)
    - Re: two vulns in uClibc-0.9.33.2 Jakub Wilk (Jun 17)
- Re: two vulns in uClibc-0.9.33.2 fefe (Jun 20)
  - Re: two vulns in uClibc-0.9.33.2 Waldemar Brodkorb (Jun 23)
    - re: two vulns in uClibc-0.9.33.2 fefe (Jun 26)