[CVE-2013-0242] glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters

Related Vulnerabilities: CVE-2013-0242   CVE-2013-1914  

Debian Bug report logs - #699399


Package: eglibc; Maintainer for eglibc is (unknown);

Reported by: Luciano Bello <luciano@debian.org>

Date: Wed, 30 Jan 2013 23:39:02 UTC

Severity: important

Tags: patch, security

Found in versions 2.11.3-4, 2.13-38

Fixed in version eglibc/2.17-2

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#699399; Package eglibc. (Wed, 30 Jan 2013 23:39:04 GMT)


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 30 Jan 2013 23:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2013-0242] glibc: DoS due to a buffer overrun in regexp matcher by processing multibyte characters
Date: Thu, 31 Jan 2013 00:36:28 +0100
Package: eglibc
Severity: important
Tags: security patch
Justification: user security hole

Hi there,
   Take a look at http://seclists.org/oss-sec/2013/q1/202
   Please use CVE-2013-0242 to refer to this issue.

Cheers,
luciano



Added tag(s) pending. Request was from Adam Conrad <adconrad@alioth.debian.org> to control@bugs.debian.org. (Wed, 08 May 2013 17:03:12 GMT)


Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Sun, 12 May 2013 18:21:17 GMT)


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Sun, 12 May 2013 18:21:17 GMT)


Message #12 received at 699399-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 699399-close@bugs.debian.org
Subject: Bug#699399: fixed in eglibc 2.17-2
Date: Sun, 12 May 2013 18:17:56 +0000
Source: eglibc
Source-Version: 2.17-2

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699399@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 12 May 2013 16:46:17 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc6-armhf libc6-dev-armhf libc6-armel libc6-dev-armel libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all kfreebsd-i386
Version: 2.17-2
Distribution: unstable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-armel - Embedded GNU C Library: ARM softfp shared libraries for armhf
 libc6-armhf - Embedded GNU C Library: ARM hard float shared libraries for armel
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-armel - Embedded GNU C Library: ARM softfp development libraries for armhf
 libc6-dev-armhf - Embedded GNU C Library: ARM hard float development libraries for armel
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - Embedded GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - Embedded GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 631242 695077 699399 704623 707091 707802 707813
Changes: 
 eglibc (2.17-2) unstable; urgency=low
 .
   [ Adam Conrad ]
   * debian/patches/any/unsubmitted-cloexec-conditional.diff: Catch yet
     another unconditional O_CLOEXEC and conditionalize it for freebsd.
   * debian/patches/kfreebsd/local-HAVE_TLS_SUPPORT.diff: Removed, as
     this is no longer needed by the updated glibc-bsd sysdeps upstream.
   * debian/patches/any/cvs-regexp-overrun.diff: Backport patch from git
     to resolve regex matcher overrun, CVE-2013-0242 (Closes: #699399)
   * debian/sysdeps/ia64.mk, debian/control: Switch ia64 back to gcc-4.6,
     as our world explodes when compiled with gcc-4.7 on ia64 right now.
 .
   [ Aurelien Jarno ]
   * patches/any/cvs-sys-param-h-DEV_BSIZE.diff: New patch to fix
     conflict with kFreeBSD kernel headers.
   * patches/kfreebsd/local-linuxthreads-TLS-THREAD.diff: New patch to remove
     conditional defines on USE___THREAD and HAVE_TLS_SUPPORT.
   * patches/kfreebsd/local-linuxthreads-mutex-initializer.diff: New patch to
     define MUTEX_INITIALIZER.
   * Japanese debconf translation update from Nobuhiro Iwamatsu.
     closes: #695077.
   * patches/any/cvs-getaddrinfo-stack-overflow.diff: New patch to fix
     a stack overflow in getaddrinfo(), CVE-2013-1914. Closes: #704623.
   * patches/any/local-missing-linux_types.h.diff: Drop, not needed anymore.
   * local/manpages/ld.so.8: drop --ignore-rpath documentation.  Closes:
     #707802.
   * patches/all/local-ldd.diff: check if the dynamic linker works before
     using it. Closes: #631242, #707091.
   * patches/kfreebsd/local-scripts.diff: remove dynamic linker name, now
     handled by abi-variants.
   * debian/control.in/main: remove ${misc:Depends} from libc Depends: field to
     not get a dependency on debconf.  Closes: #707813.
   * patches/localedata/submitted-locale-bo.diff: New patch to fix bo_IN and
     bo_CN locales, causing localedef to fail and localechooser to FTBFS.
 .
   [ Petr Salinger ]
   * patches/kfreebsd/local-linuxthreads-initfini.diff: follow upstream
     changes in startup code
   * patches/kfreebsd/local-no-pldd.diff: pldd is a Linux-only utility
   * patches/kfreebsd/local-nscd-nosendfile-fix.diff: handle system without
     sendfile syscall
   * patches/kfreebsd/local-linuxthreads-stackguard.diff: handle elf subdir
     removal
   * patches/kfreebsd/local-freopen.diff: support architecture without dup3()
   * patches/kfreebsd/local-linuxthreads-ctype_init.diff: follow upstream
     changes in ctype initialization
   * re-enable lost any/local-linuxthreads-XPG7.diff
                   any/local-linuxthreads-setclock.diff
   * drop obsolete any/local-linuxthreads-unwind.diff
                   any/local-linuxthreads-lowlevellock.diff
   * kfreebsd/local-sysdeps.diff: update to revision 4431 (from glibc-bsd).
   * Add into testsuite-checking/expected-results-*-kfreebsd-gnu-*
     tst-timer5 test and new tst-backtrace[4-6] tests that are known to fail.
   * raise version dependency on g++-4.7 (>= 4.7.3-4) [kfreebsd-amd64] due to
     multilib problems in earlier versions
Checksums-Sha1: 
 4ceb94bf87cd23363861d2a79512b1e0e953fb54 5197 eglibc_2.17-2.dsc
 c7cb8578458e3777f011922829516781ab2a1205 805684 eglibc_2.17-2.debian.tar.xz
 055b3422940a4d84c73bc40888ba0012c553a904 2123464 glibc-doc_2.17-2_all.deb
 9c4a9913c494e7f916f2db030e20a8a4da04302d 13945448 eglibc-source_2.17-2_all.deb
 0f29f0e9103b2081e6c6c5b8af36b3fb83134f3a 3839054 locales_2.17-2_all.deb
 e1100625d6c4660283b3469bda37799c56adfa6b 3886104 libc0.1_2.17-2_kfreebsd-i386.deb
 96257fa1c7d7b85ae063055294b32b153e438e17 2139152 libc0.1-dev_2.17-2_kfreebsd-i386.deb
 6c938152a039ac11135e29a9595d1f6664401902 1153984 libc0.1-pic_2.17-2_kfreebsd-i386.deb
 98fb5c9ba9feac7027890dfaaa9b8708d49f190f 1212418 libc-bin_2.17-2_kfreebsd-i386.deb
 9daaaca49e255bf1649b88ecad4dfaf27b8bd534 229124 libc-dev-bin_2.17-2_kfreebsd-i386.deb
 756c0f4bcebcb2a34b252ecc06214da4c3de21e1 159164 multiarch-support_2.17-2_kfreebsd-i386.deb
 aa40b6617072348ba913a8d528b62b335a6c5911 1180404 libc0.1-prof_2.17-2_kfreebsd-i386.deb
 7c977508123e63084f7e5ff7f97de5d9f128c25d 3156400 locales-all_2.17-2_kfreebsd-i386.deb
 dd5235a68b4790954674b91a5707df98922d4965 1309228 libc0.1-i686_2.17-2_kfreebsd-i386.deb
 d2e0c2fb695113c515c26ec607378b9509db6d0d 224766 nscd_2.17-2_kfreebsd-i386.deb
 f5811b31777a0543396938e833d8e9e158029366 4515718 libc0.1-dbg_2.17-2_kfreebsd-i386.deb
 6ded64f02d768702e587d87fd85b503a45a933b4 755194 libc0.1-udeb_2.17-2_kfreebsd-i386.udeb
 df84eb8da7750302066f99901657822aeacf1e09 9622 libnss-dns-udeb_2.17-2_kfreebsd-i386.udeb
 99b885b4496bf75c5900d6d2e066909bc97c8b71 15922 libnss-files-udeb_2.17-2_kfreebsd-i386.udeb
Checksums-Sha256: 
 d224cc4ca1ad23216702ab1114b1a5aad7733410d97ca984ffd74e619bad0ece 5197 eglibc_2.17-2.dsc
 69583f182e9935caa7a1bc0db945987c0e121627b9e6ad2b35096ed282c36f35 805684 eglibc_2.17-2.debian.tar.xz
 bdbbbb7d6b00e453a645e2676ddf5ca42a84384772c1644f5a3dda16af30344b 2123464 glibc-doc_2.17-2_all.deb
 67af97bb6d89a0bce94741ca1b02e6eac7a18ee9d7a279994953b826985e625a 13945448 eglibc-source_2.17-2_all.deb
 2554c5eaf53a6c1f45c9f2ed255b67d940651111fa64de2f843421cbfdae8e6f 3839054 locales_2.17-2_all.deb
 4294692f918e989dc70a655b7f5f2b25d07a62d4a2fa605a494db44affa04c25 3886104 libc0.1_2.17-2_kfreebsd-i386.deb
 e3112b25779ceea43175bbe257f12ae9624ebefef1cd7af7ef043c651bc4f99c 2139152 libc0.1-dev_2.17-2_kfreebsd-i386.deb
 69fc0573d32cf668852642ac660580934ddc37e7a5adb54445c60fd298cc36f7 1153984 libc0.1-pic_2.17-2_kfreebsd-i386.deb
 9d56aad63d475322a20b02a0dc4ff1a519db223cea5dfd3de93bfe5df71f49c9 1212418 libc-bin_2.17-2_kfreebsd-i386.deb
 a1caeceb2c6423a4bdbd5ff35d0668bb88904ab0432058bc0f010492d4b4226e 229124 libc-dev-bin_2.17-2_kfreebsd-i386.deb
 964d4ea68557137d7b1069ac5022941157605a9024592e62add9fba19d629487 159164 multiarch-support_2.17-2_kfreebsd-i386.deb
 46198458aa86d19e0e75b4cd1644600a4aa7552186b52b124553018cef547980 1180404 libc0.1-prof_2.17-2_kfreebsd-i386.deb
 468180a4affef71e2c55d30afdd07acc4360d865f039149ebb486b144df8a77e 3156400 locales-all_2.17-2_kfreebsd-i386.deb
 003a6dff78d6dead84ae0bd043912f003de18b9a30eae43403c58b7416b919ad 1309228 libc0.1-i686_2.17-2_kfreebsd-i386.deb
 9eb922e8b0db4759ca24dceea7882b2334c797b22399c3118face46d2ee0b5e6 224766 nscd_2.17-2_kfreebsd-i386.deb
 4f8824fed8b538abd2e852b9353dca54b616c67a49af457e52daa19295888226 4515718 libc0.1-dbg_2.17-2_kfreebsd-i386.deb
 ac2ccc88f6429d5b80a72ae3e21c38e8d31a5831134b97db954d0ddca71746e2 755194 libc0.1-udeb_2.17-2_kfreebsd-i386.udeb
 f7fa579043711998c36d81f030007fceea1e22cf830fd217f256927fff395408 9622 libnss-dns-udeb_2.17-2_kfreebsd-i386.udeb
 c0aa7545719b6f18ce7e96c95fc63a4bf5dafd248d60d4b00ed735af39ad9f88 15922 libnss-files-udeb_2.17-2_kfreebsd-i386.udeb
Files: 
 39b444955ba206762b9fdba93db1a4d2 5197 libs required eglibc_2.17-2.dsc
 0143a538a044006811729b63dc75fcab 805684 libs required eglibc_2.17-2.debian.tar.xz
 405c4a0cdcf0794e2e1e2a86d659b2a9 2123464 doc optional glibc-doc_2.17-2_all.deb
 cd97b4a50c29fb925180a83a90d12eba 13945448 devel optional eglibc-source_2.17-2_all.deb
 08c820adbebaff5e4f1f53ed909dc042 3839054 localization standard locales_2.17-2_all.deb
 499ff74e2195174053217c161f69a18a 3886104 libs required libc0.1_2.17-2_kfreebsd-i386.deb
 2fe7526ea2d294e8a01178abefc5d17c 2139152 libdevel optional libc0.1-dev_2.17-2_kfreebsd-i386.deb
 84f26eae80a5df9071c78f0c4380bd10 1153984 libdevel optional libc0.1-pic_2.17-2_kfreebsd-i386.deb
 009112de6f37e9ebd3a626cc3d7add3b 1212418 libs required libc-bin_2.17-2_kfreebsd-i386.deb
 8f246fb96acade5c1631a4c7cc32894b 229124 libdevel optional libc-dev-bin_2.17-2_kfreebsd-i386.deb
 07c4657693c18db0c7f79527add63efe 159164 libs required multiarch-support_2.17-2_kfreebsd-i386.deb
 bb8df5d52b2886d506f7c3248a4a08e9 1180404 libdevel extra libc0.1-prof_2.17-2_kfreebsd-i386.deb
 eb296f0ba351633948accf57cd4593d3 3156400 localization extra locales-all_2.17-2_kfreebsd-i386.deb
 f1ad1303a9508b755bdc9b21f2cbe819 1309228 libs extra libc0.1-i686_2.17-2_kfreebsd-i386.deb
 cad2e73d0aa3a3d76a4e43c8a999f8d2 224766 admin optional nscd_2.17-2_kfreebsd-i386.deb
 3bd9f2c43abd23b464624fe89aefdfe1 4515718 debug extra libc0.1-dbg_2.17-2_kfreebsd-i386.deb
 97a620aec6be0f867135a6389cea4cd5 755194 debian-installer extra libc0.1-udeb_2.17-2_kfreebsd-i386.udeb
 ca251c3f7a5083a974253cd7e85f5f41 9622 debian-installer extra libnss-dns-udeb_2.17-2_kfreebsd-i386.udeb
 33beffcf000ec90a27c4af1d6af34273 15922 debian-installer extra libnss-files-udeb_2.17-2_kfreebsd-i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/kFreeBSD)

iD8DBQFRj8FZw3ao2vG823MRAtpGAJsH4IGeI4Y9N2BL7kQCFj2p1LRpFwCfcdKk
zw1N8ubRw+HCGGJwMLrEqOk=
=6WbJ
-----END PGP SIGNATURE-----




Marked as found in versions 2.13-38. Request was from Arne Wichmann <aw@anhrefn.saar.de> to control@bugs.debian.org. (Mon, 17 Jun 2013 18:15:17 GMT)


Marked as found in versions 2.11.3-4. Request was from Arne Wichmann <aw@anhrefn.saar.de> to control@bugs.debian.org. (Mon, 17 Jun 2013 18:15:18 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 02 Aug 2013 07:36:13 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:51:51 2019; Machine Name: buxtehude
