glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r

Related Vulnerabilities: CVE-2015-8778, CVE-2015-8776, CVE-2015-8779, CVE-2014-9761, CVE-2015-7547

Debian Bug report logs - #812441

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 23 Jan 2016 23:36:02 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version glibc/2.19-18

Fixed in versions eglibc/2.11.3-4+deb6u9, glibc/2.21-8, glibc/2.19-18+deb8u3, eglibc/2.13-38+deb7u10

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=18240


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#812441; Package src:glibc. (Sat, 23 Jan 2016 23:36:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sat, 23 Jan 2016 23:36:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r
Date: Sat, 23 Jan 2016 20:15:31 +0100
Source: glibc
Version: 2.19-18
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=18240

Hi,

the following vulnerability was published for glibc.

CVE-2015-8778[0]:
Integer overflow in hcreate and hcreate_r

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8778
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=18240

Regards,
Salvatore



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 28 Jan 2016 17:33:25 GMT)


Added tag(s) pending. Request was from Aurelien Jarno <aurelien@aurel32.net> to control@bugs.debian.org. (Sat, 30 Jan 2016 11:39:03 GMT)


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#812441. (Sat, 30 Jan 2016 11:39:07 GMT)


Message #12 received at 812441-submitter@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: 812441-submitter@bugs.debian.org
Subject: Bug#812441 marked as pending
Date: Sat, 30 Jan 2016 11:36:39 +0000
tag 812441 pending
thanks

Hello,

Bug #812441 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=6a0c9c0

---
commit 6a0c9c0a8e4c94e7028cf908482e0224664db510
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Jan 30 12:32:19 2016 +0100

    Update from upstream stable branch
    
    - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
      Closes: #812441.

diff --git a/debian/changelog b/debian/changelog
index 22de19a..5ca2880 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 glibc (2.21-8) UNRELEASED; urgency=medium
 
-  * 
+  * Update from upstream stable branch:
+    - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
+      Closes: #812441.
 
  -- Aurelien Jarno <aurel32@debian.org>  Sun, 24 Jan 2016 00:32:22 +0100
 
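Review bot: The header line `glibc (2.21-8) UNRELEASED; urgency=medium` is left unchanged although the entry now carries a CVE fix (CVE-2015-8778). Decide before upload whether medium is still the right urgency for a security fix, and change it in the same commit if not, so the urgency field and the changelog text do not drift apart.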



Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#812441. (Sat, 30 Jan 2016 11:48:05 GMT)


Message #15 received at 812441-submitter@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: 812441-submitter@bugs.debian.org
Subject: Bug#812441 marked as pending
Date: Sat, 30 Jan 2016 11:44:39 +0000
tag 812441 pending
thanks

Hello,

Bug #812441 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=aee812b

---
commit aee812ba99f1f0d49c93e6f4a1b08b0d95147080
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Sat Jan 30 12:43:26 2016 +0100

    Update from upstream stable branch
    
    - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
      Closes: #812441.

diff --git a/debian/changelog b/debian/changelog
index 0931f1b..07a33a8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ glibc (2.19-18+deb8u3) UNRELEASED; urgency=medium
   * Update from upstream stable branch:
     - Fix segmentation fault caused by passing out-of-range data to strftime()
       (CVE-2015-8776).  Closes: #812445.
+    - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
+      Closes: #812441.
     - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779).
       Closes: #812455.
 
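Review bot: The added item under `Update from upstream stable branch:` gives the CVE id and the Debian bug number but no upstream reference, so a reader of the changelog cannot tell which upstream change was pulled in. Suggest naming the upstream bug this report was forwarded to (sourceware bug 18240) or the upstream commit id next to `(CVE-2015-8778)`.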



Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#812441. (Mon, 01 Feb 2016 09:00:12 GMT)


Message #18 received at 812441-submitter@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: 812441-submitter@bugs.debian.org
Subject: Bug#812441 marked as pending
Date: Mon, 01 Feb 2016 08:56:56 +0000
tag 812441 pending
thanks

Hello,

Bug #812441 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=01d769f

---
commit 01d769fb761f0cbd9d07af20ec7ba407b61dd54d
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Mon Feb 1 08:21:28 2016 +0100

    patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.

diff --git a/debian/changelog b/debian/changelog
index dc60326..a3ca112 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ eglibc (2.13-38+deb7u10) UNRELEASED; urgency=medium
   * patches/any/cvs-strftime.diff: new patch from upstream to fix
     segmentation fault caused by passing out-of-range data to strftime()
     (CVE-2015-8776).  Closes: #812445.
+  * patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer
+    overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
 
  -- Aurelien Jarno <aurel32@debian.org>  Sun, 31 Jan 2016 12:55:29 +0100
 
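Review bot: The new entry announces `patches/any/cvs-hcreate.diff`, but the diff shown here touches only `debian/changelog`. Confirm that the same commit also adds the patch file and lists it in the patch series, since a changelog entry for a patch that is never applied would record CVE-2015-8778 as fixed in 2.13-38+deb7u10 without changing the built library.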



Reply sent to Santiago Ruano Rincón <santiagorr@riseup.net>:
You have taken responsibility. (Fri, 05 Feb 2016 12:24:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 05 Feb 2016 12:24:04 GMT)


Message #23 received at 812441-close@bugs.debian.org:

From: Santiago Ruano Rincón <santiagorr@riseup.net>
To: 812441-close@bugs.debian.org
Subject: Bug#812441: fixed in eglibc 2.11.3-4+deb6u9
Date: Fri, 05 Feb 2016 12:20:58 +0000
Source: eglibc
Source-Version: 2.11.3-4+deb6u9

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Ruano Rincón <santiagorr@riseup.net> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Feb 2016 20:54:36 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-4+deb6u9
Distribution: squeeze-lts
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 812441 812445 812455 813187
Changes: 
 eglibc (2.11.3-4+deb6u9) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Fix CVE-2014-9761: Unbounded stack allocation in nan* functions.
     Closes: #813187.
   * Fix CVE-2015-8776: Segmentation fault caused by passing out-of-range data
     to strftime(). Closes: #812445.
   * Fix CVE-2015-8778: Integer overflow in hcreate and hcreate_r.
     Closes: #812441.
   * Fix CVE-2015-8779: Multiple unbounded stack allocations in catopen().
     Closes: #812455.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----




Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Wed, 17 Feb 2016 20:03:20 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 17 Feb 2016 20:03:20 GMT)


Message #28 received at 812441-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 812441-close@bugs.debian.org
Subject: Bug#812441: fixed in glibc 2.21-8
Date: Tue, 16 Feb 2016 14:22:12 +0000
Source: glibc
Source-Version: 2.21-8

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Feb 2016 21:38:15 +0100
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source
Version: 2.21-8
Distribution: unstable
Urgency: critical
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc-l10n  - GNU C Library: localization files
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 812441
Changes:
 glibc (2.21-8) unstable; urgency=critical
 .
   * Update from upstream stable branch:
     - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
       Closes: #812441.
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
     stack-based buffer overflow (CVE-2015-7547).
Checksums-Sha1:
 3721663901d44562608c9a655680ea9fb2c26c4e 8059 glibc_2.21-8.dsc
 87550a43d38a75a54a9441129aadc6adf0a663d1 1043172 glibc_2.21-8.debian.tar.xz
Checksums-Sha256:
 748eb6a2965425632e72b0b4d9e3d5078540761f80175c530cb1e87931c05017 8059 glibc_2.21-8.dsc
 2b7f479d148df8d2fc0c934e6706aa0ca2d004186a2b7637e2086c5664d3a6f6 1043172 glibc_2.21-8.debian.tar.xz
Files:
 7841451b56726869cc81300b523143fc 8059 libs required glibc_2.21-8.dsc
 9cf5d4a6b7667b682fe72cee7fc259d3 1043172 libs required glibc_2.21-8.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Mon, 29 Feb 2016 07:36:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 29 Feb 2016 07:36:04 GMT)


Message #33 received at 812441-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 812441-close@bugs.debian.org
Subject: Bug#812441: fixed in glibc 2.19-18+deb8u3
Date: Mon, 29 Feb 2016 07:32:19 +0000
Source: glibc
Source-Version: 2.19-18+deb8u3

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 11 Feb 2016 23:31:28 +0100
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.19-18+deb8u3
Distribution: stable-security
Urgency: medium
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 812441 812445 812455
Changes:
 glibc (2.19-18+deb8u3) stable-security; urgency=medium
 .
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
     - Fix segmentation fault caused by passing out-of-range data to strftime()
       (CVE-2015-8776).  Closes: #812445.
     - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
       Closes: #812441.
     - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779).
       Closes: #812455.
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
     stack-based buffer overflow (CVE-2015-7547).
Package-Type: udeb





Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Mon, 25 Apr 2016 22:21:15 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 25 Apr 2016 22:21:16 GMT).


Message #38 received at 812441-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 812441-close@bugs.debian.org
Subject: Bug#812441: fixed in eglibc 2.13-38+deb7u10
Date: Mon, 25 Apr 2016 22:18:50 +0000
Source: eglibc
Source-Version: 2.13-38+deb7u10

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 11 Feb 2016 23:11:53 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.13-38+deb7u10
Distribution: wheezy-security
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 812441 812445 812455
Changes: 
 eglibc (2.13-38+deb7u10) wheezy-security; urgency=medium
 .
   [ Aurelien Jarno ]
   * patches/any/cvs-strftime.diff: new patch from upstream to fix
     segmentation fault caused by passing out-of-range data to strftime()
     (CVE-2015-8776).  Closes: #812445.
   * patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer
     overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
   * patches/any/cvs-catopen.diff: new patch from upstream to fix multiple
     unbounded stack allocations in catopen() (CVE-2015-8779).  Closes:
     #812455.
   * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
     upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
     DNS answers.
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
     stack-based buffer overflow (CVE-2015-7547).
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 26 Sep 2016 07:29:41 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:29:26 2019; Machine Name: buxtehude
