Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Fri, 25 Feb 2011 21:21:01 UTC
Severity: grave
Found in version 2.11.2-10
Fixed in versions eglibc/2.11.2-12, eglibc/2.11.3-1
Done: Aurelien Jarno <aurel32@debian.org>
Bug is archived. No further changes may be made.
View this report as an mbox folder, status mbox, maintainer mbox
Report forwarded
to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
:
Bug#615120
; Package eglibc
.
(Fri, 25 Feb 2011 21:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>
:
New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>
.
(Fri, 25 Feb 2011 21:21:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
package: eglibc version: 2.11.2-10 severity: grave tag: security A memory corruption issue has been disclosed for eglibc [0]. I've checked, and lenny (glibc), squeeze, and sid are affected by the poc. experimental is not. According to the report, this permits arbitrary code execution. [0] http://seclists.org/fulldisclosure/2011/Feb/635
Information forwarded
to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
:
Bug#615120
; Package eglibc
.
(Sat, 26 Feb 2011 10:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Aurelien Jarno <aurelien@aurel32.net>
:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>
.
(Sat, 26 Feb 2011 10:33:04 GMT) (full text, mbox, link).
Message #10 received at 615120@bugs.debian.org (full text, mbox, reply):
On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote: > package: eglibc > version: 2.11.2-10 > severity: grave > tag: security > > A memory corruption issue has been disclosed for eglibc [0]. I've > checked, and lenny (glibc), squeeze, and sid are affected by the poc. > experimental is not. According to the report, this permits arbitrary > code execution. > Do you have a CVE number that we can use in the changelog? -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurelien@aurel32.net http://www.aurel32.net
Information forwarded
to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>
:
Bug#615120
; Package eglibc
.
(Sat, 26 Feb 2011 14:18:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>
:
Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>
.
(Sat, 26 Feb 2011 14:18:07 GMT) (full text, mbox, link).
Message #15 received at 615120@bugs.debian.org (full text, mbox, reply):
On Sat, 26 Feb 2011 11:29:06 +0100 Aurelien Jarno wrote: > On Fri, Feb 25, 2011 at 04:22:11PM -0500, Michael Gilbert wrote: > > package: eglibc > > version: 2.11.2-10 > > severity: grave > > tag: security > > > > A memory corruption issue has been disclosed for eglibc [0]. I've > > checked, and lenny (glibc), squeeze, and sid are affected by the poc. > > experimental is not. According to the report, this permits arbitrary > > code execution. > > > > Do you have a CVE number that we can use in the changelog? No, there hasn't been one assigned yet. Mike
Added tag(s) pending.
Request was from Aurelien Jarno <aurel32@alioth.debian.org>
to control@bugs.debian.org
.
(Sat, 26 Feb 2011 17:12:05 GMT) (full text, mbox, link).
Reply sent
to Aurelien Jarno <aurel32@debian.org>
:
You have taken responsibility.
(Sun, 27 Feb 2011 15:51:11 GMT) (full text, mbox, link).
Notification sent
to Michael Gilbert <michael.s.gilbert@gmail.com>
:
Bug acknowledged by developer.
(Sun, 27 Feb 2011 15:51:12 GMT) (full text, mbox, link).
Message #22 received at 615120-close@bugs.debian.org (full text, mbox, reply):
Source: eglibc Source-Version: 2.11.2-12 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive: eglibc-source_2.11.2-12_all.deb to main/e/eglibc/eglibc-source_2.11.2-12_all.deb eglibc_2.11.2-12.diff.gz to main/e/eglibc/eglibc_2.11.2-12.diff.gz eglibc_2.11.2-12.dsc to main/e/eglibc/eglibc_2.11.2-12.dsc glibc-doc_2.11.2-12_all.deb to main/e/eglibc/glibc-doc_2.11.2-12_all.deb libc-bin_2.11.2-12_amd64.deb to main/e/eglibc/libc-bin_2.11.2-12_amd64.deb libc-dev-bin_2.11.2-12_amd64.deb to main/e/eglibc/libc-dev-bin_2.11.2-12_amd64.deb libc6-dbg_2.11.2-12_amd64.deb to main/e/eglibc/libc6-dbg_2.11.2-12_amd64.deb libc6-dev-i386_2.11.2-12_amd64.deb to main/e/eglibc/libc6-dev-i386_2.11.2-12_amd64.deb libc6-dev_2.11.2-12_amd64.deb to main/e/eglibc/libc6-dev_2.11.2-12_amd64.deb libc6-i386_2.11.2-12_amd64.deb to main/e/eglibc/libc6-i386_2.11.2-12_amd64.deb libc6-pic_2.11.2-12_amd64.deb to main/e/eglibc/libc6-pic_2.11.2-12_amd64.deb libc6-prof_2.11.2-12_amd64.deb to main/e/eglibc/libc6-prof_2.11.2-12_amd64.deb libc6-udeb_2.11.2-12_amd64.udeb to main/e/eglibc/libc6-udeb_2.11.2-12_amd64.udeb libc6_2.11.2-12_amd64.deb to main/e/eglibc/libc6_2.11.2-12_amd64.deb libnss-dns-udeb_2.11.2-12_amd64.udeb to main/e/eglibc/libnss-dns-udeb_2.11.2-12_amd64.udeb libnss-files-udeb_2.11.2-12_amd64.udeb to main/e/eglibc/libnss-files-udeb_2.11.2-12_amd64.udeb locales-all_2.11.2-12_amd64.deb to main/e/eglibc/locales-all_2.11.2-12_amd64.deb locales_2.11.2-12_all.deb to main/e/eglibc/locales_2.11.2-12_all.deb nscd_2.11.2-12_amd64.deb to main/e/eglibc/nscd_2.11.2-12_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 615120@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 26 Feb 2011 18:28:26 +0100 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.11.2-12 Distribution: unstable Urgency: medium Maintainer: Aurelien Jarno <aurel32@debian.org> Changed-By: Aurelien Jarno <aurel32@debian.org> Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1 - Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3 - Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized] libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6.1 - Embedded GNU C Library: Shared libraries libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - Embedded GNU C Library: detached debugging symbols libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc6.1-pic - Embedded GNU C Library: PIC archive library libc6.1-prof - Embedded GNU C Library: Profiling Libraries libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb) locales - Embedded GNU C Library: National Language (locale) data [support] locales-all - Embedded GNU C Library: Precompiled locale data nscd - Embedded GNU C Library: Name Service Cache Daemon Closes: 527589 612540 614892 615120 Changes: eglibc (2.11.2-12) unstable; urgency=medium . [ Aurelien Jarno ] * Re-enable build failure in case of testsuite regressions. * Add patches/any/cvs-fnmatch-alloca.patch from upstream to fix a memory corruption in fnmatch() that can lead to code execution. Closes: #615120. * Add patches/any/cvs-qsort-race.diff from upstream to fix race in qsort_r(). Closes: #614892. . [ Samuel Thibault ] * patches/any/submitted-sched_h.diff: Synchronize bits/sched.h with sysdeps/unix/sysv/linux/bits/sched.h (Closes: #527589), rename to cvs-sched_h.diff. * patches/hurd-i386/cvs-if_freereq.diff: Fix crash when siocgifconf actually succeeds. . [ Clint Adams ] * Patch from Nobuhiro Iwamatsu to cope with the removal of patch --unified-reject-files. closes: #612540. . [ Steve Langasek ] * Merge parts of multiarch patch: - Use the correct path in the ldd script as well - Set default rtlddir to /lib and override it when needed. - Install xen library in $(libdir)/xen instead of /usr/lib/xen. Checksums-Sha1: aa5ba03363da5081c1ef3136c9e6c087df9cb31d 2730 eglibc_2.11.2-12.dsc 3239a2408f823a24447c01157714fd8fec0592ea 894979 eglibc_2.11.2-12.diff.gz f8c5cf3b4aba213f79096b3ce58bf3acabb3b0b8 1843680 glibc-doc_2.11.2-12_all.deb 297472c4b5149eaf3468644c64f999d38018c9c2 11073926 eglibc-source_2.11.2-12_all.deb d02783d674d5fb2250c1322de582d9fc3322e958 4756444 locales_2.11.2-12_all.deb a476056f081e60333093b574bb24d38c901be9cc 4273898 libc6_2.11.2-12_amd64.deb e30995c7cfce45a81d6dc96906d4d7a3ce674ebf 2588330 libc6-dev_2.11.2-12_amd64.deb ae409d61e5acff0f6f557d9065df7192a15f822d 2034054 libc6-prof_2.11.2-12_amd64.deb c947508448afd7de28a66081ada9bad75726e905 1547730 libc6-pic_2.11.2-12_amd64.deb e461ba0ae4cac70ed080ce0f0018473c7d7a9eb8 747060 libc-bin_2.11.2-12_amd64.deb 56b2fde3e526d6d00fb8874c5dd43015013bf448 207546 libc-dev-bin_2.11.2-12_amd64.deb 9356a4d1c2f5615f25c8b71a32a181ceda5bd331 3787132 locales-all_2.11.2-12_amd64.deb f76a54dabba3b2e8ca2909cde85cb294a39f1f7a 3805802 libc6-i386_2.11.2-12_amd64.deb 15a7ee2bf5bbe8d8dc893d9e489ff9ae7b4d9177 1524786 libc6-dev-i386_2.11.2-12_amd64.deb 0afe1f69a2f50413a84b7417b128ee7d93a6b5d8 197062 nscd_2.11.2-12_amd64.deb a148d010d51c74956c2c4d742e5c90d95f2f84b9 10426608 libc6-dbg_2.11.2-12_amd64.deb e449cb5da3f80cc36a4c756eaeb224f44a817a2d 1150622 libc6-udeb_2.11.2-12_amd64.udeb 8c2ae40629cf2a27e9297d3913a9669f408af72c 11128 libnss-dns-udeb_2.11.2-12_amd64.udeb 715ee3124b647931dfbdd1230f31563ef7880238 19690 libnss-files-udeb_2.11.2-12_amd64.udeb Checksums-Sha256: dfa076e93a99af5dbbc2b7040a0a5126b91069db400e9c842e1867436a003a9a 2730 eglibc_2.11.2-12.dsc 8f1f7d00b5eec4d17d2481b7c75a4266f0d5d658ee9beeabc13af9abbce2e6d6 894979 eglibc_2.11.2-12.diff.gz bdf2aeabc6bac70d114113875667e84333e19a31e71d4165c1714469c7ae9429 1843680 glibc-doc_2.11.2-12_all.deb c5ba8907ccec84f67b9eeb5cff429eee13565d3079424bff4d8da93bf3295f7a 11073926 eglibc-source_2.11.2-12_all.deb c0f65cff7631ec5262dd4ffd5e7975aeee104311b8f2cc831865ab22404116c9 4756444 locales_2.11.2-12_all.deb f908208f4e7c350a383b001523a9c7c93736e471d34c8630ab747adf4a7a45b1 4273898 libc6_2.11.2-12_amd64.deb 27aa98c2e0f540bd737f61fe29bab187c78a4152c7870ffafd3fc2ff71e069a5 2588330 libc6-dev_2.11.2-12_amd64.deb 6a69a3a42181cdb0231b822ceb9f59a5bb742cb11eb05d95349135a033fd5ae6 2034054 libc6-prof_2.11.2-12_amd64.deb 2e8b48d7be922fc3f65a8afc52ab073004605995d5671db48dc0b78ed5dc638d 1547730 libc6-pic_2.11.2-12_amd64.deb 577224e218a3f9cca6148b39fff3243c59180a4a375db41c9ea928e2e0683a50 747060 libc-bin_2.11.2-12_amd64.deb cecbce251b08051ae24f87ffc23c50721c245757e3beae97358fdc0a89dd70de 207546 libc-dev-bin_2.11.2-12_amd64.deb 637a8c6d327fec08afe5ff35766e4b14603e2a8a6fce1fc86189f7fdc241162f 3787132 locales-all_2.11.2-12_amd64.deb 0dec156d128217e744cee92ed8d3466ea05051ea5970919d6e8c4e2c89f26589 3805802 libc6-i386_2.11.2-12_amd64.deb cbd18dceef61bb230b49f678096bfc9d659210f7a9f52262566a14caf8dec22c 1524786 libc6-dev-i386_2.11.2-12_amd64.deb 6eeece180486980fe44278b90dfd279f3196980593b310a47f4e565418a51b15 197062 nscd_2.11.2-12_amd64.deb 0f8b1e2d877bf3f37b059eb0aa8dfd7c0a904ceed9fb19d32f9dab7d949d2c78 10426608 libc6-dbg_2.11.2-12_amd64.deb 4ca6f241c113c5c9c55d6669700690af7b80e1c5404a869573e227254379163f 1150622 libc6-udeb_2.11.2-12_amd64.udeb fea251b9967f8957cfc1ae51109014ebc073bfe6b709dc727614bb3301e17a2a 11128 libnss-dns-udeb_2.11.2-12_amd64.udeb e3bec6a398439a3a98a6749a483883fe554900b01f17697da595393f64c09cf4 19690 libnss-files-udeb_2.11.2-12_amd64.udeb Files: 29496273b3af06a7c4b4da274e8972c6 2730 libs required eglibc_2.11.2-12.dsc ca3721edeba177189671d2b5ddfc743f 894979 libs required eglibc_2.11.2-12.diff.gz 5558a1d8f0d7198ab90c9d211058739c 1843680 doc optional glibc-doc_2.11.2-12_all.deb 5cf1086a9046304970ea074cde918ebc 11073926 devel optional eglibc-source_2.11.2-12_all.deb f510362d80df447265ee416a46c627c2 4756444 localization standard locales_2.11.2-12_all.deb 8de44f03ef10dda26076f2657842e1ed 4273898 libs required libc6_2.11.2-12_amd64.deb 3ba2ad38cc4b5228517f4a7059fe3bc6 2588330 libdevel optional libc6-dev_2.11.2-12_amd64.deb cf056959e7d109ba96c298da8b0e726b 2034054 libdevel extra libc6-prof_2.11.2-12_amd64.deb 24f2fd4977d6a53964192a8cb11e5c98 1547730 libdevel optional libc6-pic_2.11.2-12_amd64.deb f97971f7d4c70e7345ea21316d62286c 747060 libs required libc-bin_2.11.2-12_amd64.deb b4da267d94e1359d748adbdad7665123 207546 libdevel optional libc-dev-bin_2.11.2-12_amd64.deb a113c0acd1592e556bdcdad256cdcd6f 3787132 localization extra locales-all_2.11.2-12_amd64.deb cfb9f685a7598c6b5539f9587835ed50 3805802 libs optional libc6-i386_2.11.2-12_amd64.deb 44577402b9d747f5433532383290832b 1524786 libdevel optional libc6-dev-i386_2.11.2-12_amd64.deb bcd524b1bcbc567f2e6231c9094ee289 197062 admin optional nscd_2.11.2-12_amd64.deb 168a0ade4882d763119b5b1dfe18a561 10426608 debug extra libc6-dbg_2.11.2-12_amd64.deb c15e1ee1806ee811555098915781c398 1150622 debian-installer extra libc6-udeb_2.11.2-12_amd64.udeb 58c27c822a1f467adab5d7d00329aa5a 11128 debian-installer extra libnss-dns-udeb_2.11.2-12_amd64.udeb 7f2febcab9af508fb77bf14cbdb03f49 19690 debian-installer extra libnss-files-udeb_2.11.2-12_amd64.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFNalW1w3ao2vG823MRAo8ZAJ43pnTBhTCi4XzMSWZJghbQzUgO1wCfTUFo Hlk8v0YYCrGKW7h4Gtk1HeE= =QMmo -----END PGP SIGNATURE-----
Added tag(s) pending.
Request was from Aurelien Jarno <aurel32@alioth.debian.org>
to control@bugs.debian.org
.
(Fri, 12 Aug 2011 18:30:03 GMT) (full text, mbox, link).
Reply sent
to Aurelien Jarno <aurel32@debian.org>
:
You have taken responsibility.
(Wed, 14 Dec 2011 19:57:12 GMT) (full text, mbox, link).
Notification sent
to Michael Gilbert <michael.s.gilbert@gmail.com>
:
Bug acknowledged by developer.
(Wed, 14 Dec 2011 19:57:12 GMT) (full text, mbox, link).
Message #29 received at 615120-close@bugs.debian.org (full text, mbox, reply):
Source: eglibc Source-Version: 2.11.3-1 We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive: eglibc-source_2.11.3-1_all.deb to main/e/eglibc/eglibc-source_2.11.3-1_all.deb eglibc_2.11.3-1.diff.gz to main/e/eglibc/eglibc_2.11.3-1.diff.gz eglibc_2.11.3-1.dsc to main/e/eglibc/eglibc_2.11.3-1.dsc eglibc_2.11.3.orig.tar.gz to main/e/eglibc/eglibc_2.11.3.orig.tar.gz glibc-doc_2.11.3-1_all.deb to main/e/eglibc/glibc-doc_2.11.3-1_all.deb libc-bin_2.11.3-1_amd64.deb to main/e/eglibc/libc-bin_2.11.3-1_amd64.deb libc-dev-bin_2.11.3-1_amd64.deb to main/e/eglibc/libc-dev-bin_2.11.3-1_amd64.deb libc6-dbg_2.11.3-1_amd64.deb to main/e/eglibc/libc6-dbg_2.11.3-1_amd64.deb libc6-dev-i386_2.11.3-1_amd64.deb to main/e/eglibc/libc6-dev-i386_2.11.3-1_amd64.deb libc6-dev_2.11.3-1_amd64.deb to main/e/eglibc/libc6-dev_2.11.3-1_amd64.deb libc6-i386_2.11.3-1_amd64.deb to main/e/eglibc/libc6-i386_2.11.3-1_amd64.deb libc6-pic_2.11.3-1_amd64.deb to main/e/eglibc/libc6-pic_2.11.3-1_amd64.deb libc6-prof_2.11.3-1_amd64.deb to main/e/eglibc/libc6-prof_2.11.3-1_amd64.deb libc6-udeb_2.11.3-1_amd64.udeb to main/e/eglibc/libc6-udeb_2.11.3-1_amd64.udeb libc6_2.11.3-1_amd64.deb to main/e/eglibc/libc6_2.11.3-1_amd64.deb libnss-dns-udeb_2.11.3-1_amd64.udeb to main/e/eglibc/libnss-dns-udeb_2.11.3-1_amd64.udeb libnss-files-udeb_2.11.3-1_amd64.udeb to main/e/eglibc/libnss-files-udeb_2.11.3-1_amd64.udeb locales-all_2.11.3-1_amd64.deb to main/e/eglibc/locales-all_2.11.3-1_amd64.deb locales_2.11.3-1_all.deb to main/e/eglibc/locales_2.11.3-1_all.deb nscd_2.11.3-1_amd64.deb to main/e/eglibc/nscd_2.11.3-1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 615120@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 13 Dec 2011 11:23:12 +0100 Source: eglibc Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.11.3-1 Distribution: stable Urgency: low Maintainer: Aurelien Jarno <aurel32@debian.org> Changed-By: Aurelien Jarno <aurel32@debian.org> Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1 - Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3 - Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized] libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6.1 - Embedded GNU C Library: Shared libraries libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - Embedded GNU C Library: detached debugging symbols libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc6.1-pic - Embedded GNU C Library: PIC archive library libc6.1-prof - Embedded GNU C Library: Profiling Libraries libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb) locales - Embedded GNU C Library: National Language (locale) data [support] locales-all - Embedded GNU C Library: Precompiled locale data nscd - Embedded GNU C Library: Name Service Cache Daemon Closes: 535504 541167 561249 588218 609389 615120 619963 625250 626370 630077 630695 635885 637239 639897 646549 Changes: eglibc (2.11.3-1) stable; urgency=low . * Update from stable upstream version, and update from the upstream stable branch: - fix wrong memmove/bcopy optimization with gcc-4.6. Closes: #619963. - fix an integer overflow in fnmatch() (CVE-2011-1659). Closes: #626370. - fix spurious warning in bswap_16() with -Wconversion. Closes: #561249. - fix auxiliary cache file creation. Closes: #588218. - fix memory corruption in fnmatch() that can lead to code execution (CVE-2011-1071). Closes: #615120 - fix strchr() on x86-64 CPU with SSE4.2. Closes: #635885 * Update patches: - patches/locale/locale-print-LANGUAGE.diff - patches/hppa/local-stack-grows-up.diff - patches/m68k/cvs-tls-support.patch - patches/any/local-disable-test-tgmath4.diff - patches/any/submitted-longdouble.diff - patches/any/submitted-bits-fcntl_h-at.diff - patches/kfreebsd/local-readdir_r.diff * Drop obsolete patches: - patches/any/cvs-redirect-throw.diff - patches/any/cvs-flush-cache-textrels.diff - patches/hurd-i386/cvs-linkat.diff - patches/hurd-i386/cvs-select.diff - patches/sparc/submitted-epoll.diff - patches/any/cvs-dont-expand-dst-twice.diff - patches/amd64/cvs-avx-tcb-alignment.diff - patches/any/submitted-etc-resolv.conf.diff - patches/any/cvs-audit-suid.diff * kfreebsd/local-sysdeps.diff, update to r3763 (from squeeze glibc-bsd). - fixes LD_PRELOAD with a kfreebsd-9 kernel. Closes: #630695. - uses upstream RFTSIGZMB for exit signal selection when available. - fixes a crash in if_nameindex() with more than 3 interfaces. - alter faccessat() X_OK tests similarly as access(). See #640334. - fix __libc_sa_len() for AF_LOCAL. See #645527. * Fix preinst script wrt 3.0 kernel. Patch by Colin Watson. Closes: #630077. * Update submitted-resolv.conf-thread.diff from upstream to fix a deadlock in some rare cases. * Add patches/any/cvs-resolv-different-nameserver.diff and patches/any/submitted-resolv-assert.diff to try a different nameserver if the first one returns REFUSED. Closes: #535504. * Add patches/any/cvs-getaddrinfo-single-lookup.diff to fix fallback to single lookup dns requests. Closes: #541167. * Add patches/any/cvs-pthread-setgroups.diff to fix setgroups() with multiple threads. * Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to fix issues with dl_close() when resolving locally-defined symbols. Closes: #625250. * patches/i386/local-cpuid-level2.diff: fix a typo. Closes: #609389. * patches/any/cvs-nptl-pthread-race.diff: fix a race in NPTL code that sometimes causes a deadlock when calling fork() from a thread. * patches/amd64/cvs-avx-detection.diff: do not use AVX if hardware support is present, but not enabled in the kernel. Closes: #646549. * patches/any/cvs-statvfs-mount-flags.diff: get the mount flags directly from the kernel when possible instead of parsing /proc/mounts. Closes: #639897. * patches/any/cvs-dlopen-tls.diff: fix handling of static TLS in dlopen'ed objects. Closes: #637239. Checksums-Sha1: fbb02f53c48f2bbf886f72993f56ec27ddae3fe5 2609 eglibc_2.11.3-1.dsc 946ce1056c3b8a4f6cc908a6a7f8600dcc81216b 22677499 eglibc_2.11.3.orig.tar.gz 5fe774d60be6b9eb7dee81b9c3c0a10af50518e7 911895 eglibc_2.11.3-1.diff.gz 6525083e9b973c7978383e21dc217964646ec516 1851226 glibc-doc_2.11.3-1_all.deb ac4b227903817487e7d165d269d7e03318d40503 11102430 eglibc-source_2.11.3-1_all.deb b431f0551303ee709faf9b025c0194568efecfc4 4761210 locales_2.11.3-1_all.deb 018c1854f429608a661d020783c60f8bdd187495 4280536 libc6_2.11.3-1_amd64.deb b4403c1c2aecac91e6720ad20c8a9315d252425b 2592022 libc6-dev_2.11.3-1_amd64.deb fc193489d5b4c93fe259f43512588e75cab8b4d2 2035588 libc6-prof_2.11.3-1_amd64.deb 5a2cd2bb561f6a1fd55ce497cf5dbcf9bf64b9f5 1548920 libc6-pic_2.11.3-1_amd64.deb f0c54d398207226e1d29eed31e8f2b8156808db3 748266 libc-bin_2.11.3-1_amd64.deb 9179dd998986d8b7a3621812a488bc8738ebcd0d 209932 libc-dev-bin_2.11.3-1_amd64.deb 258de9dc037342df6ac6c4f520c90f0ed578682b 3660240 locales-all_2.11.3-1_amd64.deb 84918828b8023c521f3807ea0bb1e9d502ecb755 3812582 libc6-i386_2.11.3-1_amd64.deb 8d7dd6e596e8775e493ecacc196287a7cb109010 1526858 libc6-dev-i386_2.11.3-1_amd64.deb 1a265dd782810b30662f12b8d850933409feb0e4 197314 nscd_2.11.3-1_amd64.deb b47317d1fd472862aa0bbb61b837294d50da13d7 10479894 libc6-dbg_2.11.3-1_amd64.deb c72ddebc66cc1a623cf054d42b66735f04fde852 1152164 libc6-udeb_2.11.3-1_amd64.udeb 26f5267fecc0d9a703869f68f1f6d84995d75596 11106 libnss-dns-udeb_2.11.3-1_amd64.udeb f7c5b2024a32af9f60fb9f7a2688073f58859f3e 20136 libnss-files-udeb_2.11.3-1_amd64.udeb Checksums-Sha256: 89d3b3cfa96e378654d6680d9da28cf3e23920155b17c5aa80b55f9c4ed8451a 2609 eglibc_2.11.3-1.dsc 86468e94516b84c586b0f5c78c5b2361474698a7619f465091b1a61f0ae134af 22677499 eglibc_2.11.3.orig.tar.gz 4025d5e303b5452c92ae6fc4d5d9ded0c56d8c91733017347a88b55ad5d5c68e 911895 eglibc_2.11.3-1.diff.gz cdfee35accfc28570ace0255b22f7af4faa5e7682cb6f0499d83512b37fa2da3 1851226 glibc-doc_2.11.3-1_all.deb 893906a4889183c38829d10fc23513ee83209fd4383256174c16bab9a611f53c 11102430 eglibc-source_2.11.3-1_all.deb f29f25b62dd44c0ab512ba6d0b1f9c1d3d1c9e15ede2d8bbbc54ba00dedf89cb 4761210 locales_2.11.3-1_all.deb 5b2b729074dda7f5247eb70c651ce6297148d471e91f61fc421702c2b855427d 4280536 libc6_2.11.3-1_amd64.deb cea38b5e11910146163072715871f65832e03c5635a02604a19dd873ac665f5e 2592022 libc6-dev_2.11.3-1_amd64.deb 4d9a915f44bf4b8cf98d875733cd51920101afbccf713704c3f9c15dfa80b06a 2035588 libc6-prof_2.11.3-1_amd64.deb 40f6f1b584dce7ed2a984c0f8c1d2d5c04172867d40c18065c3d9bf64fbf8fb8 1548920 libc6-pic_2.11.3-1_amd64.deb 5282d31aa028cc7c50a3f089a8dbef9cb6c740cbdb54d8b2f4ec6d2e41e5a044 748266 libc-bin_2.11.3-1_amd64.deb 5f5f89b39b46d696232b7ae6ce6f6058bfd032bda73e308c67d5a208c3265b5e 209932 libc-dev-bin_2.11.3-1_amd64.deb 7f1e587c68f3348704d8dec08c9a5705a7c9ea62200595da09b4cd635c73946f 3660240 locales-all_2.11.3-1_amd64.deb 95dad61c46ff6a145cd1ea6645e90efb54190abb05d343999d7095dd90516a08 3812582 libc6-i386_2.11.3-1_amd64.deb f516fd0fbbea09f6f8eca573e7867ddb729bb14cf476a025419174793d539f23 1526858 libc6-dev-i386_2.11.3-1_amd64.deb e87e256800accc0c24a37eaa29bad321e993d0fbab103e52c924c35ba9c0ac53 197314 nscd_2.11.3-1_amd64.deb b40cb100648108d7ac5f2ed4f9cd90b72cded805770436775fce1208e4785e1b 10479894 libc6-dbg_2.11.3-1_amd64.deb 800e2cbf9d657663ef9aec877cd783ee5d9f230cf41808fad61e5cd2fcaa12ec 1152164 libc6-udeb_2.11.3-1_amd64.udeb ff0ee247a3894978efb3bb79b049d94b69967bcd4f021da925db0c8c38277d32 11106 libnss-dns-udeb_2.11.3-1_amd64.udeb 26d5e05a9605f8fa2be703c9f51e33b346bfa35bf93227df044bd88a60a8e042 20136 libnss-files-udeb_2.11.3-1_amd64.udeb Files: 2499ae0d38d415f5b178fe4d9de0b953 2609 libs required eglibc_2.11.3-1.dsc dd8e9ddf5a3d62209d2ef113888d0899 22677499 libs required eglibc_2.11.3.orig.tar.gz 4ebb4997515cd758c6b49752296a0815 911895 libs required eglibc_2.11.3-1.diff.gz 596404bd20f47e14d112d9d0c9267ed0 1851226 doc optional glibc-doc_2.11.3-1_all.deb 8bd30dcd2e530b6ceda8e53497819a94 11102430 devel optional eglibc-source_2.11.3-1_all.deb 7f06f3e42d4d116aa105553488fcd13f 4761210 localization standard locales_2.11.3-1_all.deb 46bda1167945514343cc58ac892773fe 4280536 libs required libc6_2.11.3-1_amd64.deb 79653cac13bd867841bbf84dcda3bc3d 2592022 libdevel optional libc6-dev_2.11.3-1_amd64.deb da18b6d75766cbfb56320ffd92618aec 2035588 libdevel extra libc6-prof_2.11.3-1_amd64.deb ba6fc4fda58bc8fb5b7b9e9d304713c2 1548920 libdevel optional libc6-pic_2.11.3-1_amd64.deb 4011b2e0da4444d3198aba6ea14ec5ea 748266 libs required libc-bin_2.11.3-1_amd64.deb 12b8265a5618f1a722cb1f5609d58251 209932 libdevel optional libc-dev-bin_2.11.3-1_amd64.deb ac36937438147ab9446d97ebfd9ccf96 3660240 localization extra locales-all_2.11.3-1_amd64.deb dde532b796bc117979f2f1b54b04d844 3812582 libs optional libc6-i386_2.11.3-1_amd64.deb 0f1da83107e9aa52a943ede360382358 1526858 libdevel optional libc6-dev-i386_2.11.3-1_amd64.deb 5053b4c9a70b901b88a5c88b6e8a9f74 197314 admin optional nscd_2.11.3-1_amd64.deb b1afd15812cc23893eb2618278bb2308 10479894 debug extra libc6-dbg_2.11.3-1_amd64.deb e9f290ce37f74e9ea1d4711242e0ff99 1152164 debian-installer extra libc6-udeb_2.11.3-1_amd64.udeb 6214f1d10ad24e5b7058322b4220e286 11106 debian-installer extra libnss-dns-udeb_2.11.3-1_amd64.udeb 76bb39b6ab4b837c13a60020a383fbed 20136 debian-installer extra libnss-files-udeb_2.11.3-1_amd64.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFO6EG8w3ao2vG823MRAnOVAJ9/Lk/mAXuCGkorjU9N5Zq97ioMRQCggp6k BK3uF3KrAYaU6Ob/PQiCk10= =FIk3 -----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Thu, 02 Feb 2012 07:33:15 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.