Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 23 Jan 2016 23:42:02 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Found in version glibc/2.19-18
Fixed in versions glibc/2.21-7, eglibc/2.11.3-4+deb6u9, glibc/2.19-18+deb8u3, eglibc/2.13-38+deb7u10
Done: Aurelien Jarno <aurel32@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=18985
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
:
Bug#812445
; Package src:glibc
.
(Sat, 23 Jan 2016 23:42:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
.
(Sat, 23 Jan 2016 23:42:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: glibc Version: 2.19-18 Severity: important Tags: security upstream Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=18985 Hi, the following vulnerability was published for glibc. CVE-2015-8776[0]: Passing out of range data to strftime() causes a segfault If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-8776 [1] https://sourceware.org/bugzilla/show_bug.cgi?id=18985 Regards, Salvatore
Marked as fixed in versions glibc/2.21-7.
Request was from Aurelien Jarno <aurel32@debian.org>
to control@bugs.debian.org
.
(Sat, 23 Jan 2016 23:51:06 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from bts-link-upstream@lists.alioth.debian.org
to control@bugs.debian.org
.
(Mon, 25 Jan 2016 21:12:32 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Aurelien Jarno <aurelien@aurel32.net>
to control@bugs.debian.org
.
(Wed, 27 Jan 2016 17:51:14 GMT) (full text, mbox, link).
Message sent on
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug#812445.
(Wed, 27 Jan 2016 17:51:20 GMT) (full text, mbox, link).
Message #14 received at 812445-submitter@bugs.debian.org (full text, mbox, reply):
tag 812445 pending thanks Hello, Bug #812445 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=9792f19 --- commit 9792f19af42e3760fffc61cd1d8391d259f89214 Author: Aurelien Jarno <aurelien@aurel32.net> Date: Wed Jan 27 18:47:18 2016 +0100 Update from upstream stable branch - Fix segmentation fault caused by passing out-of-range data to strftime() (CVE-2015-8776). Closes: #812445. - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779). Closes: #812455. diff --git a/debian/changelog b/debian/changelog index 2a1f090..0931f1b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +glibc (2.19-18+deb8u3) UNRELEASED; urgency=medium + + [ Aurelien Jarno ] + * Update from upstream stable branch: + - Fix segmentation fault caused by passing out-of-range data to strftime() + (CVE-2015-8776). Closes: #812445. + - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779). + Closes: #812455. + + -- Aurelien Jarno <aurel32@debian.org> Wed, 27 Jan 2016 18:46:44 +0100 + glibc (2.19-18+deb8u2) stable; urgency=medium [ Aurelien Jarno ]
Message sent on
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug#812445.
(Mon, 01 Feb 2016 09:00:15 GMT) (full text, mbox, link).
Message #17 received at 812445-submitter@bugs.debian.org (full text, mbox, reply):
tag 812445 pending thanks Hello, Bug #812445 reported by you has been fixed in the Git repository. You can see the changelog below, and you can check the diff of the fix at: http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=99674c8 --- commit 99674c860fb4125710f770deccb217e3e574d8eb Author: Aurelien Jarno <aurelien@aurel32.net> Date: Mon Feb 1 08:21:28 2016 +0100 patches/any/cvs-strftime.diff: new patch from upstream to fix segmentation fault caused by passing out-of-range data to strftime() (CVE-2015-8776). Closes: #812445. diff --git a/debian/changelog b/debian/changelog index 1632823..dc60326 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +eglibc (2.13-38+deb7u10) UNRELEASED; urgency=medium + + [ Aurelien Jarno ] + * patches/any/cvs-strftime.diff: new patch from upstream to fix + segmentation fault caused by passing out-of-range data to strftime() + (CVE-2015-8776). Closes: #812445. + + -- Aurelien Jarno <aurel32@debian.org> Sun, 31 Jan 2016 12:55:29 +0100 + eglibc (2.13-38+deb7u9) wheezy; urgency=medium [ Aurelien Jarno ]
Reply sent
to Santiago Ruano Rincón <santiagorr@riseup.net>
:
You have taken responsibility.
(Fri, 05 Feb 2016 12:24:07 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Fri, 05 Feb 2016 12:24:07 GMT) (full text, mbox, link).
Message #22 received at 812445-close@bugs.debian.org (full text, mbox, reply):
Source: eglibc Source-Version: 2.11.3-4+deb6u9 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 812445@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Santiago Ruano Rincón <santiagorr@riseup.net> (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 04 Feb 2016 20:54:36 +0100 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.11.3-4+deb6u9 Distribution: squeeze-lts Urgency: medium Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org> Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net> Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1 - Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3 - Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized] libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6.1 - Embedded GNU C Library: Shared libraries libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - Embedded GNU C Library: detached debugging symbols libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc6.1-pic - Embedded GNU C Library: PIC archive library libc6.1-prof - Embedded GNU C Library: Profiling Libraries libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb) locales - Embedded GNU C Library: National Language (locale) data [support] locales-all - Embedded GNU C Library: Precompiled locale data nscd - Embedded GNU C Library: Name Service Cache Daemon Closes: 812441 812445 812455 813187 Changes: eglibc (2.11.3-4+deb6u9) squeeze-lts; urgency=medium . * Non-maintainer upload by the Squeeze LTS Team. * Fix CVE-2014-9761: Unbounded stack allocation in nan* functions. Closes: #813187. * Fix CVE-2015-8776: Segmentation fault caused by passing out-of-range data to strftime(). Closes: #812445. * Fix CVE-2015-8778: Integer overflow in hcreate and hcreate_r. Closes: #812441. * Fix CVE-2015-8779: Multiple unbounded stack allocations in catopen(). Closes: #812455. Checksums-Sha1: d285a4ba6656a9215323d0a3b29364a5079331d2 3250 eglibc_2.11.3-4+deb6u9.dsc c6e3d5d1a67869e72e943c3f1a62c6cda05e08e2 990384 eglibc_2.11.3-4+deb6u9.diff.gz bddc5a15d157130398f22a783ef05d0e922155a9 1854040 glibc-doc_2.11.3-4+deb6u9_all.deb 0e2f1de9f48d5e8d5e83c128ebe00a96aeac7aa2 11227394 eglibc-source_2.11.3-4+deb6u9_all.deb 8ce4e5d85fe4f0f01d89b42c0fdc0c8f195d2c63 4760432 locales_2.11.3-4+deb6u9_all.deb f724ce90524e9c4f215b95f598978a4cb0052ebc 4306982 libc6_2.11.3-4+deb6u9_amd64.deb aeff9f282a19286a436540f589206706e2d67b46 2617498 libc6-dev_2.11.3-4+deb6u9_amd64.deb bfab507e9852cf43d0d657a5c26f71272290dbd8 2059568 libc6-prof_2.11.3-4+deb6u9_amd64.deb ac75d66f7be3ab85af41522779144d6a755be63c 1574938 libc6-pic_2.11.3-4+deb6u9_amd64.deb f3157da6152cfbd6b2ad000ac70d6ed2b7d29170 756370 libc-bin_2.11.3-4+deb6u9_amd64.deb 2c1aa47f91cf179cad9d29eb43eb90d0cb108a95 211242 libc-dev-bin_2.11.3-4+deb6u9_amd64.deb a98dd2ddcd9349c9d39186fbfab154b5a0212bf7 3603888 locales-all_2.11.3-4+deb6u9_amd64.deb 47204594544cd52f09ba79e7f6fdccba21a3a897 3841374 libc6-i386_2.11.3-4+deb6u9_amd64.deb 402bbfdc5fa0b487f0806038b0c87e61b59ce2f4 1556430 libc6-dev-i386_2.11.3-4+deb6u9_amd64.deb d3632518540989a16828be0cc026f521ba45ad9e 201130 nscd_2.11.3-4+deb6u9_amd64.deb 10a2679e709efdc14e6b19970bbf7aac84ffbef5 10585246 libc6-dbg_2.11.3-4+deb6u9_amd64.deb 42ceb550ab69c496e012ecb0954706894a5a1e4a 1172628 libc6-udeb_2.11.3-4+deb6u9_amd64.udeb b2b10c8f1996b6a60be02b143f76c6c42f817e44 11108 libnss-dns-udeb_2.11.3-4+deb6u9_amd64.udeb a401243af0d410ead7c6d11de174c7f5f89fb28c 20142 libnss-files-udeb_2.11.3-4+deb6u9_amd64.udeb Checksums-Sha256: ef8f8103b778881d68744b53a79e2185e7d78248e59fea8e8179b85e923e006f 3250 eglibc_2.11.3-4+deb6u9.dsc dc6c661e3406390b25cd7ae0d16b2b7b979a9cf6f874b1f710aa17e77a430e82 990384 eglibc_2.11.3-4+deb6u9.diff.gz 6aa2b554cdfd61cc18e8d1cb5579d2d4abcd4990a3198ae5af7456abcae9b049 1854040 glibc-doc_2.11.3-4+deb6u9_all.deb fe3c812bdaaf33d60a0378e10bbe358aff3d14435e65f361b5bc59a8df7c1e4d 11227394 eglibc-source_2.11.3-4+deb6u9_all.deb 330c9b18df2f3f77a3b604ce68e76bbcaabf288565632e5334418415170cadb8 4760432 locales_2.11.3-4+deb6u9_all.deb bc8a03cdacd587c77142fbbaf1f31e283dde995256fdfe73e6d1a0dd2ec161c9 4306982 libc6_2.11.3-4+deb6u9_amd64.deb aee39e3a8e0ecb4023b0369f8cc3940e3814955be16bfb26af969c8d38d70dc1 2617498 libc6-dev_2.11.3-4+deb6u9_amd64.deb d4620d33e1bdae5dd447d26e8c4a4f095d3bd7192a7bffc2f77b82e9357d6091 2059568 libc6-prof_2.11.3-4+deb6u9_amd64.deb 155ff7eccf46262c7850ec9128a49b49e18de2743fcc37681b6fe99fbb7f03c4 1574938 libc6-pic_2.11.3-4+deb6u9_amd64.deb 27d840767004f1d6b99fb6141b786cc625f2448ea6dc3ea3ba4246f3476f4bee 756370 libc-bin_2.11.3-4+deb6u9_amd64.deb df0cd96ad5c85b41f1ce6016831e0673d7487e963b0db8a9f9e66d19a68001a8 211242 libc-dev-bin_2.11.3-4+deb6u9_amd64.deb 2dcf5f02d0f2ac807b6fa8dbfc3940b075f868413402fdb96765e15b1f64854a 3603888 locales-all_2.11.3-4+deb6u9_amd64.deb ce6e6ea558e39dbba7361740a255ce3f267821679d04e0561fc9dd79d52bfd39 3841374 libc6-i386_2.11.3-4+deb6u9_amd64.deb 42ebda60737b28fc468129033ccbf24321610bdabffa7fe4492bc3902e0bd194 1556430 libc6-dev-i386_2.11.3-4+deb6u9_amd64.deb f2da6a0a8ef3d758cecf4efb73eb3ff6db41172ba4c0493a94ceba1122c4bac1 201130 nscd_2.11.3-4+deb6u9_amd64.deb 2e8d10250605952b77ba95f8704fc4f2efe13870d4318aedb981d6240470013c 10585246 libc6-dbg_2.11.3-4+deb6u9_amd64.deb f8ca756e8af00a2557ded9885b45716390444e572f8b876b8d14256e97dfc82a 1172628 libc6-udeb_2.11.3-4+deb6u9_amd64.udeb ceff527a12b8d0a614c10fc806439380d6c4aa28d637644a32787fdda7c1e9f7 11108 libnss-dns-udeb_2.11.3-4+deb6u9_amd64.udeb ffe11f1adf95eafb3e09858525aeb728f62efb352f8edb3afe8279aa8cbf3438 20142 libnss-files-udeb_2.11.3-4+deb6u9_amd64.udeb Files: aa1c9f9f62a8cc7e7291686c7e7bb04f 3250 libs required eglibc_2.11.3-4+deb6u9.dsc 74e798764a617a610c6c9cba9894e1d8 990384 libs required eglibc_2.11.3-4+deb6u9.diff.gz 34619f5be90b1c0b32019d15f8a9d0b7 1854040 doc optional glibc-doc_2.11.3-4+deb6u9_all.deb 24021664a2f2cd30df28cd9fb3f755c3 11227394 devel optional eglibc-source_2.11.3-4+deb6u9_all.deb 7dde06777c7fcb3c5bbee9e250623eb3 4760432 localization standard locales_2.11.3-4+deb6u9_all.deb e4195fc5ce566d32e883cd9f0584a23a 4306982 libs required libc6_2.11.3-4+deb6u9_amd64.deb b1e2e889b57b79d86d7b7d82af741ec0 2617498 libdevel optional libc6-dev_2.11.3-4+deb6u9_amd64.deb b03c6c648fc2268435b82917b5bddb05 2059568 libdevel extra libc6-prof_2.11.3-4+deb6u9_amd64.deb ad8b26bd99aa09eaa2b79abc91b74c4a 1574938 libdevel optional libc6-pic_2.11.3-4+deb6u9_amd64.deb 7df25d65ee57ce1d4f123f88746c95d3 756370 libs required libc-bin_2.11.3-4+deb6u9_amd64.deb 24d063a21ff0a3e71b0e35bc3ef0fcba 211242 libdevel optional libc-dev-bin_2.11.3-4+deb6u9_amd64.deb 9cc041aa64b4023e293f59ba45dda337 3603888 localization extra locales-all_2.11.3-4+deb6u9_amd64.deb 23860c3d0565dd369f080895249fcee0 3841374 libs optional libc6-i386_2.11.3-4+deb6u9_amd64.deb fa37b70e86eacd2486cead37d5e08a4f 1556430 libdevel optional libc6-dev-i386_2.11.3-4+deb6u9_amd64.deb 49c7cc517104acb2fd1c4de2bf015558 201130 admin optional nscd_2.11.3-4+deb6u9_amd64.deb 190e2a23584d79c93dae5017487b2f84 10585246 debug extra libc6-dbg_2.11.3-4+deb6u9_amd64.deb a86f42229a1ac3ea7cabee88eae8bcd1 1172628 debian-installer extra libc6-udeb_2.11.3-4+deb6u9_amd64.udeb a71cc1f8fdfc21370327ae4ecebb4433 11108 debian-installer extra libnss-dns-udeb_2.11.3-4+deb6u9_amd64.udeb 1a6890e68feb92099a7e5847c101e82c 20142 debian-installer extra libnss-files-udeb_2.11.3-4+deb6u9_amd64.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWtIYiAAoJEN5v/bjI1ki9EGUP/iFIZkQUf0eWof4J9uog+s1f 7V1aMi4thzg7BXzUGu/16Q3RACbwLJzEYu8Cqk4YiAoLbvd4vQKa6DhCk3RnZWdE uHnH2oCIqZ1+etPiQ0oqOvnPSkOpevaSnNmyIj8Fhr0FWSCwUuH2XNK8i3Q10p5N NPBPrQ4jf3WmpocTkCVTf8MlxcBQUyRs5KiTDTdkX2AV9mAPCVMUbDp0Ss0yXvNe tQau+iYDvljzOJKb2CSI0+TMWCPJvLwWFGeXyIRhRQcQoWWGvxCrCIVpT3DPJBZG McXPB7dt8YcrihAIUf9a4PgiIeQRq31A0rhH5bT5VOKIx0z4r9TMQyWv4EsJZAQs SSPkBeiMz4TTd5lcRck+l9zI0pj1qseE/B6cf9a056nOFp7GOn2pcbBcoFm9BxXP u8IFNaC8Cq2ReYPC/FJGYiXbcrDg6dLSvfefhgPkV0OXNz8nxiyLAkuB+UmQbuYX VzC/mWI13RKI1PvPSmmqLMrLWaC2Ua5KaN+DgXSC0iyjcj/Xx1US8xmWnSlGYzQW eIDi/bkS/BXCeWKhKOr8cw6hH2OUI6ngO+YIsCOsDM6L35Ej9Q+uINNDstQH+LGt qlaPIxitJxASSXZVlPBbSU+4Kit9qJ6HbG5IZ/8T2OW7/7JqOSS1O/d7SZLEztOe EbYJ35RQ9H08V/m06EzN =Cu/n -----END PGP SIGNATURE-----
Reply sent
to Aurelien Jarno <aurel32@debian.org>
:
You have taken responsibility.
(Mon, 29 Feb 2016 07:36:08 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Mon, 29 Feb 2016 07:36:08 GMT) (full text, mbox, link).
Message #27 received at 812445-close@bugs.debian.org (full text, mbox, reply):
Source: glibc Source-Version: 2.19-18+deb8u3 We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 812445@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 11 Feb 2016 23:31:28 +0100 Source: glibc Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.19-18+deb8u3 Distribution: stable-security Urgency: medium Maintainer: Aurelien Jarno <aurel32@debian.org> Changed-By: Aurelien Jarno <aurel32@debian.org> Description: glibc-doc - GNU C Library: Documentation glibc-source - GNU C Library: sources libc-bin - GNU C Library: Binaries libc-dev-bin - GNU C Library: Development binaries libc0.1 - GNU C Library: Shared libraries libc0.1-dbg - GNU C Library: detached debugging symbols libc0.1-dev - GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - GNU C Library: PIC archive library libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb) libc0.3 - GNU C Library: Shared libraries libc0.3-dbg - GNU C Library: detached debugging symbols libc0.3-dev - GNU C Library: Development Libraries and Header Files libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - GNU C Library: PIC archive library libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - GNU C Library: Shared libraries [Xen version] libc6 - GNU C Library: Shared libraries libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - GNU C Library: detached debugging symbols libc6-dev - GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - GNU C Library: Shared libraries [i686 optimized] libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized) libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - GNU C Library: PIC archive library libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC libc6-udeb - GNU C Library: Shared libraries - udeb (udeb) libc6-x32 - GNU C Library: X32 ABI Shared libraries for AMD64 libc6-xen - GNU C Library: Shared libraries [Xen version] libc6.1 - GNU C Library: Shared libraries libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - GNU C Library: detached debugging symbols libc6.1-dev - GNU C Library: Development Libraries and Header Files libc6.1-pic - GNU C Library: PIC archive library libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb) locales - GNU C Library: National Language (locale) data [support] locales-all - GNU C Library: Precompiled locale data multiarch-support - Transitional package to ensure multiarch compatibility nscd - GNU C Library: Name Service Cache Daemon Closes: 812441 812445 812455 Changes: glibc (2.19-18+deb8u3) stable-security; urgency=medium . [ Aurelien Jarno ] * Update from upstream stable branch: - Fix segmentation fault caused by passing out-of-range data to strftime() (CVE-2015-8776). Closes: #812445. - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441. - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779). Closes: #812455. * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547). Checksums-Sha1: c5623077cc29173411f8640eb0a65376c874f774 8238 glibc_2.19-18+deb8u3.dsc dab2c05a54357c1734226c5849dfc8ed39bc735a 1039748 glibc_2.19-18+deb8u3.debian.tar.xz e4e0e5b19fdb548c54b71cdcc88389d00292da66 2267448 glibc-doc_2.19-18+deb8u3_all.deb f9257857feeaa337c1465c6caf541e6783ff1ce0 14241316 glibc-source_2.19-18+deb8u3_all.deb 83de00cddf27914cdd8c578c798934298fb3d345 3944088 locales_2.19-18+deb8u3_all.deb Checksums-Sha256: f8bf87a6534af05ee633e641618d186624df3eae1525e7f0c7ea3052c01631c4 8238 glibc_2.19-18+deb8u3.dsc 17fe23e6d8c09bb562d6413a40c9f4469d05dcb76c9810bd3bbaf73088d05aa8 1039748 glibc_2.19-18+deb8u3.debian.tar.xz 88a9e63fb21bd6ead3b8c9a9fc28557740db42fd6c558155a4c823eaa305941c 2267448 glibc-doc_2.19-18+deb8u3_all.deb aab3af4878fc2d51dcd892c700cf2dbad45f4a39b202ac35f7413bb77ec7849b 14241316 glibc-source_2.19-18+deb8u3_all.deb 5b946def9a80ca9af4baa073e41068181dcec977dc9dbd2a6ed53ab2f8a2a0b9 3944088 locales_2.19-18+deb8u3_all.deb Files: 1694093d17c2b0235e99947e7731924b 8238 libs required glibc_2.19-18+deb8u3.dsc d392c1bad0f2915adc6012ce79da7946 1039748 libs required glibc_2.19-18+deb8u3.debian.tar.xz 8c27c6af1180cd9383769d6a7317288f 2267448 doc optional glibc-doc_2.19-18+deb8u3_all.deb 7703518c12e2b1d8126f5e1a279ff67c 14241316 devel optional glibc-source_2.19-18+deb8u3_all.deb da2a96fc8df00c1a916a0ffa434f8d2a 3944088 localization standard locales_2.19-18+deb8u3_all.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWvRUaAAoJELqceAYd3YybcB8QAIvD3IWcO7rzknRsimAsCyJX /q/dnhNQMpnfgCagKiDUBBvUjyCJLZ3SOUvNIqLuI+JMjKj3QEprRYjQP7k/EUJ9 rsF8pcIi1KsTBUuuueBqlvP3jkQ98mVctqqjaG/2WFvw6BX/Tl9RCwR9gn1MFZ/f Z2WyuCySp3nH4sYLZZU8CeXL7vO36vEDWhib9QSj31ajvSv75MmFX2g4g7PplefP vwFIamKVhd6eudfF3tji6+cVh5Athiyb2P8SC8yYRnRjL9/U5NP1piq3U0AcRShr 6dgPjJLzoAqyaZG7m6ElSsqbm0tA4aMrV1lNdvvlIh+P7maI4ZP9axJAIoRQ6EM8 lSA/0QAsB2/awqssROWmVjwLt/vRYB2VWkCIZ4KxfcqaP+h5UFl3up7prgdO76yB X+y7h8GB+g0/AZdUeBW08XrBRuDvlujREawn0vZFytCI8eHOIJSTD4SIp9HuurPP BB4lll3ePJg7aNIAODroPjtMM/zV2M8A6Cc2tsQ3BB9/btD8UvE2ZIsWs3KBTpwG Ff/vKBqhGEnZXMBj9+DfAr0yue4e6rZNKQbmoDlLFGA2OIDgSVQrAxQPCoolRj1E wnzaczua2CvLQ5FPHvoK5QfjneYcnzkCqEnKt/xxOOQplD7DngOyxmm9LMBAe1n2 9CKL1AY5IVtc8WdIRxqk =0kDR -----END PGP SIGNATURE-----
Reply sent
to Aurelien Jarno <aurel32@debian.org>
:
You have taken responsibility.
(Mon, 25 Apr 2016 22:21:20 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Mon, 25 Apr 2016 22:21:20 GMT) (full text, mbox, link).
Message #32 received at 812445-close@bugs.debian.org (full text, mbox, reply):
Source: eglibc Source-Version: 2.13-38+deb7u10 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 812445@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 11 Feb 2016 23:11:53 +0100 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.13-38+deb7u10 Distribution: wheezy-security Urgency: medium Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org> Changed-By: Aurelien Jarno <aurel32@debian.org> Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1 - Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3 - Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized) libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6.1 - Embedded GNU C Library: Shared libraries libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - Embedded GNU C Library: detached debugging symbols libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc6.1-pic - Embedded GNU C Library: PIC archive library libc6.1-prof - Embedded GNU C Library: Profiling Libraries libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb) locales - Embedded GNU C Library: National Language (locale) data [support] locales-all - Embedded GNU C Library: Precompiled locale data multiarch-support - Transitional package to ensure multiarch compatibility nscd - Embedded GNU C Library: Name Service Cache Daemon Closes: 812441 812445 812455 Changes: eglibc (2.13-38+deb7u10) wheezy-security; urgency=medium . [ Aurelien Jarno ] * patches/any/cvs-strftime.diff: new patch from upstream to fix segmentation fault caused by passing out-of-range data to strftime() (CVE-2015-8776). Closes: #812445. * patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441. * patches/any/cvs-catopen.diff: new patch from upstream to fix multiple unbounded stack allocations in catopen() (CVE-2015-8779). Closes: #812455. * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big DNS answers. * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo stack-based buffer overflow (CVE-2015-7547). Checksums-Sha1: 88c4d272d517a7e9fd19c17e7ea82aad54ec1e1b 5376 eglibc_2.13-38+deb7u10.dsc fe803d763aece9cdadcbf79f9c4fce848ef55dd4 2043246 eglibc_2.13-38+deb7u10.diff.gz b275dd5a7d9615503bdd4a3264ab5e6dadf666f9 1898642 glibc-doc_2.13-38+deb7u10_all.deb 095e1996d872eb1030e9684b7b4570c17acd7730 13565616 eglibc-source_2.13-38+deb7u10_all.deb 765589b94675996a6cc78de0bb326bf624780bde 5717232 locales_2.13-38+deb7u10_all.deb Checksums-Sha256: 55af8c243c4dfb1fba69e5eb5587e6c7228f3114e885cc3fee5c8776f7a3d9c5 5376 eglibc_2.13-38+deb7u10.dsc 30c68b8ac3d434f19feafd2f2814224d53548ade548e1abbf49a0b128fb2e95d 2043246 eglibc_2.13-38+deb7u10.diff.gz 35d7b8320f2cd4109d2597500ca342359732dd20a74e17c03651259aedec1c9b 1898642 glibc-doc_2.13-38+deb7u10_all.deb f67dbbb799eae2116b58e1f3e9a848996b0010b883aa8946d768e526fe4b8067 13565616 eglibc-source_2.13-38+deb7u10_all.deb da8a6574b0655fb36183ac732d3483006b28157f06b9f331dec60ef76c80268e 5717232 locales_2.13-38+deb7u10_all.deb Files: d5a7a9976d1937cc6f0cec965df6f981 5376 libs required eglibc_2.13-38+deb7u10.dsc c061cd248a62e5ffe6758e3f08a30f06 2043246 libs required eglibc_2.13-38+deb7u10.diff.gz d4cf7a03a746a256569fdc22c721582a 1898642 doc optional glibc-doc_2.13-38+deb7u10_all.deb 7228afeb66bf69582998c2bd33213562 13565616 devel optional eglibc-source_2.13-38+deb7u10_all.deb 33da2b340dbc7f16f556d2e62ec3dabb 5717232 localization standard locales_2.13-38+deb7u10_all.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWvRVrAAoJELqceAYd3Yyb31oP/Rl20sl/ZJIo5WUFELhDYs/2 KWE+pSBgQ0QT6igOn2D2LGDZgVONPCyhhuDLkWk7gQYHQOAZminzxjobIx52F0/K cXVk7EuZlOs55e67Ma3AXnwy+dMSqsuo5RPZgW9AELdhZtAcHKBqFog47+7hBNgf y7kfeXFa/HE3U5fj/anKYqMWVWmIiTHq4A6C9Cjce/KN7QmG64dX1SsLoqx8SfmR M1kAv+DYt3C73S5hChFC3NOCY/e+W29tcpJikDwaWV0Rt3dmAXrKjFmS1ivbrBPn VtgoHQCVCm88XeryQrucWXKh4SklMgHfy3rlun0RiSO6V03iBn0UV0Li80XY2ssB 831F6SDmsSJkyGyAeuCjaSGUEFf7Q1w3+80tSkHDujQEdlGMqipfocfQtlTP3mAL k5YfG4TzuF6bSd7g9pdQ+MshzdZnxhdfI/w/hyl9XMYoGOUbigDy6/XNhJ4xyHlP Xfqlj3+paldHM7VBtRrru6AX0qfRz3tnjQ3KIGMnZUfMkXdm90oLnog02XfnOsMX E69fy9uSg+ZzZuGfh6P48na9Lxt7PqMniBe6bmr8IM4Xb671nyBm8UT8zJBHmMEj nUvX/MVw9f7uZKc0r/ay0a7nQlNNLNMRgGNCRmbiiRLKG8NUesvrtBcDBxWryXBh mjAvrQJMikWVCOKUUf51 =4Fdv -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Mon, 26 Sep 2016 07:30:44 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.