1 Feb
2013
1 Feb
'13
7:16 a.m.
On Thu, Jan 31, 2013 at 16:34:24 -0700, Eric Blake wrote:
CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon that runs a regex search on user input while in a multibyte locale. I'm not sure how hard it would be to trigger such a setup for libvirtd, but rather than risk things, we can avoid the issue: gnulib has worked around the problem, and by updating to the latest gnulib, we can avoid the bug even on platforms where glibc has yet to be patched.
* .gnulib: Update to latest, for various fixes, including regex. * bootstrap: Resync from upstream.
ACK Jirka