Debian Bug report logs - #979273
glibc: CVE-2019-25013

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Mon, 4 Jan 2021 20:03:01 UTC

Severity: important

Tags: security, upstream

Found in versions glibc/2.31-7, glibc/2.28-10

Fixed in version glibc/2.31-9

Done: Aurelien Jarno <aurel32@debian.org>

Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=24973


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#979273; Package src:glibc. (Mon, 04 Jan 2021 20:03:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Mon, 04 Jan 2021 20:03:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: glibc: CVE-2019-25013
Date: Mon, 04 Jan 2021 20:59:35 +0100
Source: glibc
Version: 2.31-7
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.28-10

Hi,

The following vulnerability was published for glibc, filing for
tracking in the BTS.

CVE-2019-25013[0]:
| The iconv feature in the GNU C Library (aka glibc or libc6) through
| 2.32, when processing invalid multi-byte input sequences in the EUC-KR
| encoding, may have a buffer over-read.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25013
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24973
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b

Regards,
Salvatore
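The report above records the affected versions (2.31-7, 2.28-10) and the unstable upload that closed the bug (2.31-9). The following script is an added example for this page, not part of the bug report or of Debian's tooling: it classifies an installed glibc version against those recorded versions. It reimplements dpkg's version ordering (epoch, upstream part, Debian revision, `~` sorting before the end of a string, digit runs compared numerically) so that it runs without dpkg present; treat that reimplementation as an assumption of the example, and on a real host prefer `dpkg --compare-versions`, which is authoritative. Because the page lists 2.28-10 as affected but names no fixed version for the 2.28 branch, only versions at or above 2.31-9 are reported as fixed here.

```python
"""Check an installed Debian glibc version against Debian bug #979273
(CVE-2019-25013). Example code; the dpkg ordering below is a
reimplementation assumed to match dpkg, not dpkg itself."""
import subprocess
import sys
from typing import Optional, Tuple

# Versions recorded on the bug page.
FOUND_IN = ("2.31-7", "2.28-10")
FIXED_IN = "2.31-9"  # unstable upload that closed #979273


def _order(c: str) -> int:
    """dpkg's weight for one character of a non-digit run."""
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1  # '~' sorts before the end of the string
    return ord(c) + 256 if c else 0


def _verrevcmp(a: str, b: str) -> int:
    """Compare one version component the way dpkg's verrevcmp() does."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character weights one by one.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins,
        # otherwise the first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def parse_version(v: str) -> Tuple[int, str, str]:
    """Split 'epoch:upstream-revision' into its three parts."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, _, revision = v.rpartition("-")  # last '-' starts the revision
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Three-way comparison (-1, 0, 1) of two Debian version strings."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def assess(installed: str) -> str:
    """'fixed' when installed >= 2.31-9, otherwise 'not-fixed'."""
    return "fixed" if compare_versions(installed, FIXED_IN) >= 0 else "not-fixed"


def installed_glibc_version() -> Optional[str]:
    """Ask dpkg for the installed libc6 version; None when dpkg is absent."""
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", "libc6"],
                             capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    version = sys.argv[1] if len(sys.argv) > 1 else installed_glibc_version()
    if version is None:
        version = FOUND_IN[0]  # constructed fallback input for a host without dpkg
    print(f"glibc {version}: {assess(version)} (fixed in {FIXED_IN} per #979273)")
```

Run it with a version argument (`python3 check.py 2.31-7`) or without one on a Debian host, where it queries `dpkg-query` for the installed `libc6`. A stable release carrying its own backported fix (for example a `2.28-10+deb10uN` revision) would still be reported as `not-fixed` here, because this page records no fixed version on that branch; the distribution's security advisory is the source for that.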



Marked as found in versions glibc/2.28-10. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Mon, 04 Jan 2021 20:03:03 GMT)


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#979273. (Tue, 05 Jan 2021 05:45:04 GMT)


Message #10 received at 979273-submitter@bugs.debian.org:

From: Aurelien Jarno <noreply@salsa.debian.org>
To: 979273-submitter@bugs.debian.org
Subject: Bug#979273 marked as pending in glibc
Date: Tue, 05 Jan 2021 05:42:50 +0000
Control: tag -1 pending

Hello,

Bug #979273 in glibc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/glibc-team/glibc/-/commit/3aa199e4651a23dbe725ae479856ca9d1ac80034

------------------------------------------------------------------------
debian/patches/git-updates.diff: update from upstream stable branch:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - Fix a buffer over-read when processing invalid multi-byte input
    sequences in the EUC-KR encoding (CVE-2019-25013).  Closes: #979273.
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/979273



Added tag(s) pending. Request was from Aurelien Jarno <noreply@salsa.debian.org> to 979273-submitter@bugs.debian.org. (Tue, 05 Jan 2021 05:45:04 GMT)


Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Tue, 05 Jan 2021 06:06:08 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 05 Jan 2021 06:06:08 GMT)


Message #17 received at 979273-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 979273-close@bugs.debian.org
Subject: Bug#979273: fixed in glibc 2.31-9
Date: Tue, 05 Jan 2021 06:03:36 +0000
Source: glibc
Source-Version: 2.31-9
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979273@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jan 2021 06:47:42 +0100
Source: glibc
Architecture: source
Version: 2.31-9
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 968349 979273
Changes:
 glibc (2.31-9) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * debian/testsuite-xfail-debian.mk: Update tests.
   * debian/patches/hurd-i386/git-mmap_addr.diff: Fix long-running ghc processes.
 .
   [ Aurelien Jarno ]
   * Upload to unstable.
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix a buffer over-read when processing invalid multi-byte input
       sequences in the EUC-KR encoding (CVE-2019-25013).  Closes: #979273.
   * debian/control.in/libc: add a Breaks: against libgegl-0.4-0 (<< 0.4.18).
     Closes: #968349.
Checksums-Sha1:
 b80503b444cc6b04ea66a60551552fab550f3a3e 8311 glibc_2.31-9.dsc
 c276c405aa11e3a7a4eee88a79a19fa2a7d7a3e5 902504 glibc_2.31-9.debian.tar.xz
 b933f9e9818d4298ec0c0daeb91dc7b191b06fe6 8626 glibc_2.31-9_source.buildinfo
Checksums-Sha256:
 5f4848ef9d3b98e3271ec9a8077b50147d37db93575fa73a9de487b095e2973c 8311 glibc_2.31-9.dsc
 4d1644f39bfbbb2eec8c3e4aceda7472ee435a7a9bf73dc2967ddde0a2e35230 902504 glibc_2.31-9.debian.tar.xz
 564c2f4fb30db124aa19b053f636f48c720d3cc972d8b1e4e4a7c24952768c2e 8626 glibc_2.31-9_source.buildinfo
Files:
 f21178fe384768853cb0e9cacf62af95 8311 libs required glibc_2.31-9.dsc
 24de6aa1f91b8f36a164bdd26eda3d52 902504 libs required glibc_2.31-9.debian.tar.xz
 1c2274d6bbaf6cf050a0ee25a6dd53c5 8626 libs required glibc_2.31-9_source.buildinfo

-----BEGIN PGP SIGNATURE-----
[signature data not reproduced]
-----END PGP SIGNATURE-----





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jan 9 11:25:54 2021; Machine Name: bembo
