Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

eglibc: alloca memory corruption

Related Vulnerabilities: CVE-2011-1659   CVE-2011-1071  

Source

Debian Bug report logs - #615120
eglibc: alloca memory corruption

version graph

Package: eglibc; Maintainer for eglibc is (unknown);

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Fri, 25 Feb 2011 21:21:01 UTC

Severity: grave

Found in version 2.11.2-10

Fixed in versions eglibc/2.11.2-12, eglibc/2.11.3-1

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#615120; Package eglibc. (Fri, 25 Feb 2011 21:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Fri, 25 Feb 2011 21:21:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: eglibc: alloca memory corruption
Date: Fri, 25 Feb 2011 16:22:11 -0500
package: eglibc
version: 2.11.2-10
severity: grave
tag: security

A memory corruption issue has been disclosed for eglibc [0].  I've
checked, and lenny (glibc), squeeze, and sid are affected by the poc.
experimental is not.  According to the report, this permits arbitrary
code execution.

[0] http://seclists.org/fulldisclosure/2011/Feb/635

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#615120; Package eglibc. (Sat, 26 Feb 2011 10:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sat, 26 Feb 2011 10:33:04 GMT) (full text, mbox, link).

Message #10 received at 615120@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurelien@aurel32.net>
To: Michael Gilbert <michael.s.gilbert@gmail.com>, 615120@bugs.debian.org
Subject: Re: Bug#615120: eglibc: alloca memory corruption
Date: Sat, 26 Feb 2011 11:29:06 +0100
On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote:
> package: eglibc
> version: 2.11.2-10
> severity: grave
> tag: security
> 
> A memory corruption issue has been disclosed for eglibc [0].  I've
> checked, and lenny (glibc), squeeze, and sid are affected by the poc.
> experimental is not.  According to the report, this permits arbitrary
> code execution.
> 

Do you have a CVE number that we can use in the changelog?

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#615120; Package eglibc. (Sat, 26 Feb 2011 14:18:07 GMT) (full text, mbox, link).

Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Sat, 26 Feb 2011 14:18:07 GMT) (full text, mbox, link).

Message #15 received at 615120@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: 615120@bugs.debian.org
Subject: Re: Bug#615120: eglibc: alloca memory corruption
Date: Sat, 26 Feb 2011 09:18:58 -0500
On Sat, 26 Feb 2011 11:29:06 +0100 Aurelien Jarno wrote:

> On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote:
> > package: eglibc
> > version: 2.11.2-10
> > severity: grave
> > tag: security
> > 
> > A memory corruption issue has been disclosed for eglibc [0].  I've
> > checked, and lenny (glibc), squeeze, and sid are affected by the poc.
> > experimental is not.  According to the report, this permits arbitrary
> > code execution.
> > 
> 
> Do you have a CVE number that we can use in the changelog?

No, there hasn't been one assigned yet.

Mike

Added tag(s) pending. Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Sat, 26 Feb 2011 17:12:05 GMT) (full text, mbox, link).

Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Sun, 27 Feb 2011 15:51:11 GMT) (full text, mbox, link).

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sun, 27 Feb 2011 15:51:12 GMT) (full text, mbox, link).

Message #22 received at 615120-close@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: 615120-close@bugs.debian.org
Subject: Bug#615120: fixed in eglibc 2.11.2-12
Date: Sun, 27 Feb 2011 15:48:02 +0000
Source: eglibc
Source-Version: 2.11.2-12

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11.2-12_all.deb
  to main/e/eglibc/eglibc-source_2.11.2-12_all.deb
eglibc_2.11.2-12.diff.gz
  to main/e/eglibc/eglibc_2.11.2-12.diff.gz
eglibc_2.11.2-12.dsc
  to main/e/eglibc/eglibc_2.11.2-12.dsc
glibc-doc_2.11.2-12_all.deb
  to main/e/eglibc/glibc-doc_2.11.2-12_all.deb
libc-bin_2.11.2-12_amd64.deb
  to main/e/eglibc/libc-bin_2.11.2-12_amd64.deb
libc-dev-bin_2.11.2-12_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.2-12_amd64.deb
libc6-dbg_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.2-12_amd64.deb
libc6-dev-i386_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.2-12_amd64.deb
libc6-dev_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.2-12_amd64.deb
libc6-i386_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.2-12_amd64.deb
libc6-pic_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.2-12_amd64.deb
libc6-prof_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.2-12_amd64.deb
libc6-udeb_2.11.2-12_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.2-12_amd64.udeb
libc6_2.11.2-12_amd64.deb
  to main/e/eglibc/libc6_2.11.2-12_amd64.deb
libnss-dns-udeb_2.11.2-12_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.2-12_amd64.udeb
libnss-files-udeb_2.11.2-12_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.11.2-12_amd64.udeb
locales-all_2.11.2-12_amd64.deb
  to main/e/eglibc/locales-all_2.11.2-12_amd64.deb
locales_2.11.2-12_all.deb
  to main/e/eglibc/locales_2.11.2-12_all.deb
nscd_2.11.2-12_amd64.deb
  to main/e/eglibc/nscd_2.11.2-12_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 615120@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 26 Feb 2011 18:28:26 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.2-12
Distribution: unstable
Urgency: medium
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 527589 612540 614892 615120
Changes: 
 eglibc (2.11.2-12) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * Re-enable build failure in case of testsuite regressions.
   * Add patches/any/cvs-fnmatch-alloca.patch from upstream to fix a
     memory corruption in fnmatch() that can lead to code execution.
     Closes: #615120.
   * Add patches/any/cvs-qsort-race.diff from upstream to fix race in
     qsort_r().  Closes: #614892.
 .
   [ Samuel Thibault ]
   * patches/any/submitted-sched_h.diff: Synchronize bits/sched.h with
     sysdeps/unix/sysv/linux/bits/sched.h (Closes: #527589), rename to
     cvs-sched_h.diff.
   * patches/hurd-i386/cvs-if_freereq.diff: Fix crash when siocgifconf
     actually succeeds.
 .
   [ Clint Adams ]
   * Patch from Nobuhiro Iwamatsu to cope with the removal of
     patch --unified-reject-files.  closes: #612540.
 .
   [ Steve Langasek ]
   * Merge parts of multiarch patch:
     - Use the correct path in the ldd script as well
     - Set default rtlddir to /lib and override it when needed.
     - Install xen library in $(libdir)/xen instead of /usr/lib/xen.
Checksums-Sha1: 
 aa5ba03363da5081c1ef3136c9e6c087df9cb31d 2730 eglibc_2.11.2-12.dsc
 3239a2408f823a24447c01157714fd8fec0592ea 894979 eglibc_2.11.2-12.diff.gz
 f8c5cf3b4aba213f79096b3ce58bf3acabb3b0b8 1843680 glibc-doc_2.11.2-12_all.deb
 297472c4b5149eaf3468644c64f999d38018c9c2 11073926 eglibc-source_2.11.2-12_all.deb
 d02783d674d5fb2250c1322de582d9fc3322e958 4756444 locales_2.11.2-12_all.deb
 a476056f081e60333093b574bb24d38c901be9cc 4273898 libc6_2.11.2-12_amd64.deb
 e30995c7cfce45a81d6dc96906d4d7a3ce674ebf 2588330 libc6-dev_2.11.2-12_amd64.deb
 ae409d61e5acff0f6f557d9065df7192a15f822d 2034054 libc6-prof_2.11.2-12_amd64.deb
 c947508448afd7de28a66081ada9bad75726e905 1547730 libc6-pic_2.11.2-12_amd64.deb
 e461ba0ae4cac70ed080ce0f0018473c7d7a9eb8 747060 libc-bin_2.11.2-12_amd64.deb
 56b2fde3e526d6d00fb8874c5dd43015013bf448 207546 libc-dev-bin_2.11.2-12_amd64.deb
 9356a4d1c2f5615f25c8b71a32a181ceda5bd331 3787132 locales-all_2.11.2-12_amd64.deb
 f76a54dabba3b2e8ca2909cde85cb294a39f1f7a 3805802 libc6-i386_2.11.2-12_amd64.deb
 15a7ee2bf5bbe8d8dc893d9e489ff9ae7b4d9177 1524786 libc6-dev-i386_2.11.2-12_amd64.deb
 0afe1f69a2f50413a84b7417b128ee7d93a6b5d8 197062 nscd_2.11.2-12_amd64.deb
 a148d010d51c74956c2c4d742e5c90d95f2f84b9 10426608 libc6-dbg_2.11.2-12_amd64.deb
 e449cb5da3f80cc36a4c756eaeb224f44a817a2d 1150622 libc6-udeb_2.11.2-12_amd64.udeb
 8c2ae40629cf2a27e9297d3913a9669f408af72c 11128 libnss-dns-udeb_2.11.2-12_amd64.udeb
 715ee3124b647931dfbdd1230f31563ef7880238 19690 libnss-files-udeb_2.11.2-12_amd64.udeb
Checksums-Sha256: 
 dfa076e93a99af5dbbc2b7040a0a5126b91069db400e9c842e1867436a003a9a 2730 eglibc_2.11.2-12.dsc
 8f1f7d00b5eec4d17d2481b7c75a4266f0d5d658ee9beeabc13af9abbce2e6d6 894979 eglibc_2.11.2-12.diff.gz
 bdf2aeabc6bac70d114113875667e84333e19a31e71d4165c1714469c7ae9429 1843680 glibc-doc_2.11.2-12_all.deb
 c5ba8907ccec84f67b9eeb5cff429eee13565d3079424bff4d8da93bf3295f7a 11073926 eglibc-source_2.11.2-12_all.deb
 c0f65cff7631ec5262dd4ffd5e7975aeee104311b8f2cc831865ab22404116c9 4756444 locales_2.11.2-12_all.deb
 f908208f4e7c350a383b001523a9c7c93736e471d34c8630ab747adf4a7a45b1 4273898 libc6_2.11.2-12_amd64.deb
 27aa98c2e0f540bd737f61fe29bab187c78a4152c7870ffafd3fc2ff71e069a5 2588330 libc6-dev_2.11.2-12_amd64.deb
 6a69a3a42181cdb0231b822ceb9f59a5bb742cb11eb05d95349135a033fd5ae6 2034054 libc6-prof_2.11.2-12_amd64.deb
 2e8b48d7be922fc3f65a8afc52ab073004605995d5671db48dc0b78ed5dc638d 1547730 libc6-pic_2.11.2-12_amd64.deb
 577224e218a3f9cca6148b39fff3243c59180a4a375db41c9ea928e2e0683a50 747060 libc-bin_2.11.2-12_amd64.deb
 cecbce251b08051ae24f87ffc23c50721c245757e3beae97358fdc0a89dd70de 207546 libc-dev-bin_2.11.2-12_amd64.deb
 637a8c6d327fec08afe5ff35766e4b14603e2a8a6fce1fc86189f7fdc241162f 3787132 locales-all_2.11.2-12_amd64.deb
 0dec156d128217e744cee92ed8d3466ea05051ea5970919d6e8c4e2c89f26589 3805802 libc6-i386_2.11.2-12_amd64.deb
 cbd18dceef61bb230b49f678096bfc9d659210f7a9f52262566a14caf8dec22c 1524786 libc6-dev-i386_2.11.2-12_amd64.deb
 6eeece180486980fe44278b90dfd279f3196980593b310a47f4e565418a51b15 197062 nscd_2.11.2-12_amd64.deb
 0f8b1e2d877bf3f37b059eb0aa8dfd7c0a904ceed9fb19d32f9dab7d949d2c78 10426608 libc6-dbg_2.11.2-12_amd64.deb
 4ca6f241c113c5c9c55d6669700690af7b80e1c5404a869573e227254379163f 1150622 libc6-udeb_2.11.2-12_amd64.udeb
 fea251b9967f8957cfc1ae51109014ebc073bfe6b709dc727614bb3301e17a2a 11128 libnss-dns-udeb_2.11.2-12_amd64.udeb
 e3bec6a398439a3a98a6749a483883fe554900b01f17697da595393f64c09cf4 19690 libnss-files-udeb_2.11.2-12_amd64.udeb
Files: 
 29496273b3af06a7c4b4da274e8972c6 2730 libs required eglibc_2.11.2-12.dsc
 ca3721edeba177189671d2b5ddfc743f 894979 libs required eglibc_2.11.2-12.diff.gz
 5558a1d8f0d7198ab90c9d211058739c 1843680 doc optional glibc-doc_2.11.2-12_all.deb
 5cf1086a9046304970ea074cde918ebc 11073926 devel optional eglibc-source_2.11.2-12_all.deb
 f510362d80df447265ee416a46c627c2 4756444 localization standard locales_2.11.2-12_all.deb
 8de44f03ef10dda26076f2657842e1ed 4273898 libs required libc6_2.11.2-12_amd64.deb
 3ba2ad38cc4b5228517f4a7059fe3bc6 2588330 libdevel optional libc6-dev_2.11.2-12_amd64.deb
 cf056959e7d109ba96c298da8b0e726b 2034054 libdevel extra libc6-prof_2.11.2-12_amd64.deb
 24f2fd4977d6a53964192a8cb11e5c98 1547730 libdevel optional libc6-pic_2.11.2-12_amd64.deb
 f97971f7d4c70e7345ea21316d62286c 747060 libs required libc-bin_2.11.2-12_amd64.deb
 b4da267d94e1359d748adbdad7665123 207546 libdevel optional libc-dev-bin_2.11.2-12_amd64.deb
 a113c0acd1592e556bdcdad256cdcd6f 3787132 localization extra locales-all_2.11.2-12_amd64.deb
 cfb9f685a7598c6b5539f9587835ed50 3805802 libs optional libc6-i386_2.11.2-12_amd64.deb
 44577402b9d747f5433532383290832b 1524786 libdevel optional libc6-dev-i386_2.11.2-12_amd64.deb
 bcd524b1bcbc567f2e6231c9094ee289 197062 admin optional nscd_2.11.2-12_amd64.deb
 168a0ade4882d763119b5b1dfe18a561 10426608 debug extra libc6-dbg_2.11.2-12_amd64.deb
 c15e1ee1806ee811555098915781c398 1150622 debian-installer extra libc6-udeb_2.11.2-12_amd64.udeb
 58c27c822a1f467adab5d7d00329aa5a 11128 debian-installer extra libnss-dns-udeb_2.11.2-12_amd64.udeb
 7f2febcab9af508fb77bf14cbdb03f49 19690 debian-installer extra libnss-files-udeb_2.11.2-12_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNalW1w3ao2vG823MRAo8ZAJ43pnTBhTCi4XzMSWZJghbQzUgO1wCfTUFo
Hlk8v0YYCrGKW7h4Gtk1HeE=
=QMmo
-----END PGP SIGNATURE-----

Added tag(s) pending. Request was from Aurelien Jarno <aurel32@alioth.debian.org> to control@bugs.debian.org. (Fri, 12 Aug 2011 18:30:03 GMT) (full text, mbox, link).

Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Wed, 14 Dec 2011 19:57:12 GMT) (full text, mbox, link).

Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 14 Dec 2011 19:57:12 GMT) (full text, mbox, link).

Message #29 received at 615120-close@bugs.debian.org (full text, mbox, reply):

From: Aurelien Jarno <aurel32@debian.org>
To: 615120-close@bugs.debian.org
Subject: Bug#615120: fixed in eglibc 2.11.3-1
Date: Wed, 14 Dec 2011 19:55:32 +0000
Source: eglibc
Source-Version: 2.11.3-1

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11.3-1_all.deb
  to main/e/eglibc/eglibc-source_2.11.3-1_all.deb
eglibc_2.11.3-1.diff.gz
  to main/e/eglibc/eglibc_2.11.3-1.diff.gz
eglibc_2.11.3-1.dsc
  to main/e/eglibc/eglibc_2.11.3-1.dsc
eglibc_2.11.3.orig.tar.gz
  to main/e/eglibc/eglibc_2.11.3.orig.tar.gz
glibc-doc_2.11.3-1_all.deb
  to main/e/eglibc/glibc-doc_2.11.3-1_all.deb
libc-bin_2.11.3-1_amd64.deb
  to main/e/eglibc/libc-bin_2.11.3-1_amd64.deb
libc-dev-bin_2.11.3-1_amd64.deb
  to main/e/eglibc/libc-dev-bin_2.11.3-1_amd64.deb
libc6-dbg_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-dbg_2.11.3-1_amd64.deb
libc6-dev-i386_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-dev-i386_2.11.3-1_amd64.deb
libc6-dev_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-dev_2.11.3-1_amd64.deb
libc6-i386_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-i386_2.11.3-1_amd64.deb
libc6-pic_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-pic_2.11.3-1_amd64.deb
libc6-prof_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6-prof_2.11.3-1_amd64.deb
libc6-udeb_2.11.3-1_amd64.udeb
  to main/e/eglibc/libc6-udeb_2.11.3-1_amd64.udeb
libc6_2.11.3-1_amd64.deb
  to main/e/eglibc/libc6_2.11.3-1_amd64.deb
libnss-dns-udeb_2.11.3-1_amd64.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11.3-1_amd64.udeb
libnss-files-udeb_2.11.3-1_amd64.udeb
  to main/e/eglibc/libnss-files-udeb_2.11.3-1_amd64.udeb
locales-all_2.11.3-1_amd64.deb
  to main/e/eglibc/locales-all_2.11.3-1_amd64.deb
locales_2.11.3-1_all.deb
  to main/e/eglibc/locales_2.11.3-1_all.deb
nscd_2.11.3-1_amd64.deb
  to main/e/eglibc/nscd_2.11.3-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 615120@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 13 Dec 2011 11:23:12 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-1
Distribution: stable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 535504 541167 561249 588218 609389 615120 619963 625250 626370 630077 630695 635885 637239 639897 646549
Changes: 
 eglibc (2.11.3-1) stable; urgency=low
 .
   * Update from stable upstream version, and update from the upstream
     stable branch:
     - fix wrong memmove/bcopy optimization with gcc-4.6.  Closes: #619963.
     - fix an integer overflow in fnmatch() (CVE-2011-1659).  Closes: #626370.
     - fix spurious warning in bswap_16() with -Wconversion.  Closes: #561249.
     - fix auxiliary cache file creation.  Closes: #588218.
     - fix memory corruption in fnmatch() that can lead to code execution
       (CVE-2011-1071).  Closes: #615120
     - fix strchr() on x86-64 CPU with SSE4.2.  Closes: #635885
   * Update patches:
     - patches/locale/locale-print-LANGUAGE.diff
     - patches/hppa/local-stack-grows-up.diff
     - patches/m68k/cvs-tls-support.patch
     - patches/any/local-disable-test-tgmath4.diff
     - patches/any/submitted-longdouble.diff
     - patches/any/submitted-bits-fcntl_h-at.diff
     - patches/kfreebsd/local-readdir_r.diff
   * Drop obsolete patches:
     - patches/any/cvs-redirect-throw.diff
     - patches/any/cvs-flush-cache-textrels.diff
     - patches/hurd-i386/cvs-linkat.diff
     - patches/hurd-i386/cvs-select.diff
     - patches/sparc/submitted-epoll.diff
     - patches/any/cvs-dont-expand-dst-twice.diff
     - patches/amd64/cvs-avx-tcb-alignment.diff
     - patches/any/submitted-etc-resolv.conf.diff
     - patches/any/cvs-audit-suid.diff
   * kfreebsd/local-sysdeps.diff, update to r3763 (from squeeze glibc-bsd).
     - fixes LD_PRELOAD with a kfreebsd-9 kernel. Closes: #630695.
     - uses upstream RFTSIGZMB for exit signal selection when available.
     - fixes a crash in if_nameindex() with more than 3 interfaces.
     - alter faccessat() X_OK tests similarly as access(). See #640334.
     - fix __libc_sa_len() for AF_LOCAL. See #645527.
   * Fix preinst script wrt 3.0 kernel. Patch by Colin Watson.  Closes:
     #630077.
   * Update submitted-resolv.conf-thread.diff from upstream to fix a
     deadlock in some rare cases.
   * Add patches/any/cvs-resolv-different-nameserver.diff and
     patches/any/submitted-resolv-assert.diff to try a different
     nameserver if the first one returns REFUSED.  Closes: #535504.
   * Add patches/any/cvs-getaddrinfo-single-lookup.diff to fix fallback to
     single lookup dns requests.  Closes: #541167.
   * Add patches/any/cvs-pthread-setgroups.diff to fix setgroups() with
     multiple threads.
   * Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
     fix issues with dl_close() when resolving locally-defined symbols.
     Closes: #625250.
   * patches/i386/local-cpuid-level2.diff: fix a typo.  Closes: #609389.
   * patches/any/cvs-nptl-pthread-race.diff: fix a race in NPTL code that
     sometimes causes a deadlock when calling fork() from a thread.
   * patches/amd64/cvs-avx-detection.diff: do not use AVX if hardware support
     is present, but not enabled in the kernel.  Closes: #646549.
   * patches/any/cvs-statvfs-mount-flags.diff: get the mount flags directly
     from the kernel when possible instead of parsing /proc/mounts.  Closes:
     #639897.
   * patches/any/cvs-dlopen-tls.diff:  fix handling of static TLS in
     dlopen'ed objects.  Closes: #637239.
Checksums-Sha1: 
 fbb02f53c48f2bbf886f72993f56ec27ddae3fe5 2609 eglibc_2.11.3-1.dsc
 946ce1056c3b8a4f6cc908a6a7f8600dcc81216b 22677499 eglibc_2.11.3.orig.tar.gz
 5fe774d60be6b9eb7dee81b9c3c0a10af50518e7 911895 eglibc_2.11.3-1.diff.gz
 6525083e9b973c7978383e21dc217964646ec516 1851226 glibc-doc_2.11.3-1_all.deb
 ac4b227903817487e7d165d269d7e03318d40503 11102430 eglibc-source_2.11.3-1_all.deb
 b431f0551303ee709faf9b025c0194568efecfc4 4761210 locales_2.11.3-1_all.deb
 018c1854f429608a661d020783c60f8bdd187495 4280536 libc6_2.11.3-1_amd64.deb
 b4403c1c2aecac91e6720ad20c8a9315d252425b 2592022 libc6-dev_2.11.3-1_amd64.deb
 fc193489d5b4c93fe259f43512588e75cab8b4d2 2035588 libc6-prof_2.11.3-1_amd64.deb
 5a2cd2bb561f6a1fd55ce497cf5dbcf9bf64b9f5 1548920 libc6-pic_2.11.3-1_amd64.deb
 f0c54d398207226e1d29eed31e8f2b8156808db3 748266 libc-bin_2.11.3-1_amd64.deb
 9179dd998986d8b7a3621812a488bc8738ebcd0d 209932 libc-dev-bin_2.11.3-1_amd64.deb
 258de9dc037342df6ac6c4f520c90f0ed578682b 3660240 locales-all_2.11.3-1_amd64.deb
 84918828b8023c521f3807ea0bb1e9d502ecb755 3812582 libc6-i386_2.11.3-1_amd64.deb
 8d7dd6e596e8775e493ecacc196287a7cb109010 1526858 libc6-dev-i386_2.11.3-1_amd64.deb
 1a265dd782810b30662f12b8d850933409feb0e4 197314 nscd_2.11.3-1_amd64.deb
 b47317d1fd472862aa0bbb61b837294d50da13d7 10479894 libc6-dbg_2.11.3-1_amd64.deb
 c72ddebc66cc1a623cf054d42b66735f04fde852 1152164 libc6-udeb_2.11.3-1_amd64.udeb
 26f5267fecc0d9a703869f68f1f6d84995d75596 11106 libnss-dns-udeb_2.11.3-1_amd64.udeb
 f7c5b2024a32af9f60fb9f7a2688073f58859f3e 20136 libnss-files-udeb_2.11.3-1_amd64.udeb
Checksums-Sha256: 
 89d3b3cfa96e378654d6680d9da28cf3e23920155b17c5aa80b55f9c4ed8451a 2609 eglibc_2.11.3-1.dsc
 86468e94516b84c586b0f5c78c5b2361474698a7619f465091b1a61f0ae134af 22677499 eglibc_2.11.3.orig.tar.gz
 4025d5e303b5452c92ae6fc4d5d9ded0c56d8c91733017347a88b55ad5d5c68e 911895 eglibc_2.11.3-1.diff.gz
 cdfee35accfc28570ace0255b22f7af4faa5e7682cb6f0499d83512b37fa2da3 1851226 glibc-doc_2.11.3-1_all.deb
 893906a4889183c38829d10fc23513ee83209fd4383256174c16bab9a611f53c 11102430 eglibc-source_2.11.3-1_all.deb
 f29f25b62dd44c0ab512ba6d0b1f9c1d3d1c9e15ede2d8bbbc54ba00dedf89cb 4761210 locales_2.11.3-1_all.deb
 5b2b729074dda7f5247eb70c651ce6297148d471e91f61fc421702c2b855427d 4280536 libc6_2.11.3-1_amd64.deb
 cea38b5e11910146163072715871f65832e03c5635a02604a19dd873ac665f5e 2592022 libc6-dev_2.11.3-1_amd64.deb
 4d9a915f44bf4b8cf98d875733cd51920101afbccf713704c3f9c15dfa80b06a 2035588 libc6-prof_2.11.3-1_amd64.deb
 40f6f1b584dce7ed2a984c0f8c1d2d5c04172867d40c18065c3d9bf64fbf8fb8 1548920 libc6-pic_2.11.3-1_amd64.deb
 5282d31aa028cc7c50a3f089a8dbef9cb6c740cbdb54d8b2f4ec6d2e41e5a044 748266 libc-bin_2.11.3-1_amd64.deb
 5f5f89b39b46d696232b7ae6ce6f6058bfd032bda73e308c67d5a208c3265b5e 209932 libc-dev-bin_2.11.3-1_amd64.deb
 7f1e587c68f3348704d8dec08c9a5705a7c9ea62200595da09b4cd635c73946f 3660240 locales-all_2.11.3-1_amd64.deb
 95dad61c46ff6a145cd1ea6645e90efb54190abb05d343999d7095dd90516a08 3812582 libc6-i386_2.11.3-1_amd64.deb
 f516fd0fbbea09f6f8eca573e7867ddb729bb14cf476a025419174793d539f23 1526858 libc6-dev-i386_2.11.3-1_amd64.deb
 e87e256800accc0c24a37eaa29bad321e993d0fbab103e52c924c35ba9c0ac53 197314 nscd_2.11.3-1_amd64.deb
 b40cb100648108d7ac5f2ed4f9cd90b72cded805770436775fce1208e4785e1b 10479894 libc6-dbg_2.11.3-1_amd64.deb
 800e2cbf9d657663ef9aec877cd783ee5d9f230cf41808fad61e5cd2fcaa12ec 1152164 libc6-udeb_2.11.3-1_amd64.udeb
 ff0ee247a3894978efb3bb79b049d94b69967bcd4f021da925db0c8c38277d32 11106 libnss-dns-udeb_2.11.3-1_amd64.udeb
 26d5e05a9605f8fa2be703c9f51e33b346bfa35bf93227df044bd88a60a8e042 20136 libnss-files-udeb_2.11.3-1_amd64.udeb
Files: 
 2499ae0d38d415f5b178fe4d9de0b953 2609 libs required eglibc_2.11.3-1.dsc
 dd8e9ddf5a3d62209d2ef113888d0899 22677499 libs required eglibc_2.11.3.orig.tar.gz
 4ebb4997515cd758c6b49752296a0815 911895 libs required eglibc_2.11.3-1.diff.gz
 596404bd20f47e14d112d9d0c9267ed0 1851226 doc optional glibc-doc_2.11.3-1_all.deb
 8bd30dcd2e530b6ceda8e53497819a94 11102430 devel optional eglibc-source_2.11.3-1_all.deb
 7f06f3e42d4d116aa105553488fcd13f 4761210 localization standard locales_2.11.3-1_all.deb
 46bda1167945514343cc58ac892773fe 4280536 libs required libc6_2.11.3-1_amd64.deb
 79653cac13bd867841bbf84dcda3bc3d 2592022 libdevel optional libc6-dev_2.11.3-1_amd64.deb
 da18b6d75766cbfb56320ffd92618aec 2035588 libdevel extra libc6-prof_2.11.3-1_amd64.deb
 ba6fc4fda58bc8fb5b7b9e9d304713c2 1548920 libdevel optional libc6-pic_2.11.3-1_amd64.deb
 4011b2e0da4444d3198aba6ea14ec5ea 748266 libs required libc-bin_2.11.3-1_amd64.deb
 12b8265a5618f1a722cb1f5609d58251 209932 libdevel optional libc-dev-bin_2.11.3-1_amd64.deb
 ac36937438147ab9446d97ebfd9ccf96 3660240 localization extra locales-all_2.11.3-1_amd64.deb
 dde532b796bc117979f2f1b54b04d844 3812582 libs optional libc6-i386_2.11.3-1_amd64.deb
 0f1da83107e9aa52a943ede360382358 1526858 libdevel optional libc6-dev-i386_2.11.3-1_amd64.deb
 5053b4c9a70b901b88a5c88b6e8a9f74 197314 admin optional nscd_2.11.3-1_amd64.deb
 b1afd15812cc23893eb2618278bb2308 10479894 debug extra libc6-dbg_2.11.3-1_amd64.deb
 e9f290ce37f74e9ea1d4711242e0ff99 1152164 debian-installer extra libc6-udeb_2.11.3-1_amd64.udeb
 6214f1d10ad24e5b7058322b4220e286 11106 debian-installer extra libnss-dns-udeb_2.11.3-1_amd64.udeb
 76bb39b6ab4b837c13a60020a383fbed 20136 debian-installer extra libnss-files-udeb_2.11.3-1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFO6EG8w3ao2vG823MRAnOVAJ9/Lk/mAXuCGkorjU9N5Zq97ioMRQCggp6k
BK3uF3KrAYaU6Ob/PQiCk10=
=FIk3
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 02 Feb 2012 07:33:15 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:33:55 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started