Bug 1218867 (CVE-2023-6779)

Summary: VUL-0: CVE-2023-6779: glibc: heap buffer overflow in __vsyslog_internal
Product: [Novell Products] SUSE Security Incidents Reporter: Alexander Bergmann <abergmann>
Component: IncidentsAssignee: Andreas Schwab <schwab>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: abergmann, meissner, schwab, security-team, thomas.leroy
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on: 1218863, 1218868    
Bug Blocks:    

Comment 2 Alexander Bergmann 2024-01-16 16:27:58 UTC 
CRD: 2024-01-30 18:00 UTC
Comment 3 Thomas Leroy 2024-01-23 08:27:39 UTC 
Any news Andreas?
Comment 4 Marcus Meissner 2024-01-31 07:49:40 UTC 
is public


https://seclists.org/oss-sec/2024/q1/68
Comment 5 Marcus Meissner 2024-01-31 08:21:49 UTC 
code is not in 15-sp3 glibc 2.31.

only ALP and Factory are affected.
Comment 7 OBSbugzilla Bot 2024-01-31 15:35:02 UTC 
This is an autogenerated message for OBS integration:
This bug (1218867) was mentioned in
https://build.opensuse.org/request/show/1143042 Factory / glibc
Comment 10 Marcus Meissner 2024-05-13 14:41:15 UTC 
done