Package: src:glibc; Maintainer for src:glibc is GNU Libc Maintainers <debian-glibc@lists.debian.org>;
Reported by: Raphael Hertzog <hertzog@debian.org>
Date: Tue, 3 Nov 2015 10:00:02 UTC
Severity: serious
Tags: fixed-upstream, security
Found in versions glibc/2.11.3-4, eglibc/2.11.3-4, glibc/2.19-22
Fixed in versions eglibc/2.11.3-4+deb6u8, glibc/2.21-1, eglibc/2.13-38+deb7u9, glibc/2.19-18+deb8u2
Done: Aurelien Jarno <aurel32@debian.org>
Bug is archived. No further changes may be made.
Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=16009

Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Tue, 03 Nov 2015 10:00:06 GMT)

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 03 Nov 2015 10:00:06 GMT)

Message #5 received at submit@bugs.debian.org:

Source: glibc
Version: 2.19-22
Severity: serious
Tags: security fixed-upstream
Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=16009

Hello,

libc6 is vulnerable to buffer overruns in strxfrm() as reported in the following upstream ticket:
https://sourceware.org/bugzilla/show_bug.cgi?id=16009

The issue is fixed in glibc 2.21. No CVE has been assigned yet even though it had been requested in
http://openwall.com/lists/oss-security/2015/09/08/2

The upstream patch is available here:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f9e585480ed

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Set Bug forwarded-to-address to 'https://sourceware.org/bugzilla/show_bug.cgi?id=16009'. Request was from Raphael Hertzog <hertzog@debian.org> to submit@bugs.debian.org. (Tue, 03 Nov 2015 10:00:06 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Tue, 24 Nov 2015 16:27:08 GMT)

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 24 Nov 2015 16:27:08 GMT)

Message #12 received at 803927@bugs.debian.org:

Hello,

I have backported the upstream patch for squeeze and it results in the attached patch. It does compile and I have not identified any regression but the build log mentions unexpected testsuite failures.

Comparing with a build of the previous version, I get only one supplementary failure:

@@ -50775,10 +50775,12 @@ bug-regex32.out, Error 1 check-localplt.out, Error 1 tst-atime.out, Error 1 +tst-mqueue5.out, Error 1 *************** Encountered regressions that don't match expected failures: bug-regex32.out, Error 1 tst-atime.out, Error 1 +tst-mqueue5.out, Error 1 ***************

Both for the amd64 and the i386 version (when built on a squeeze chroot in a current sid system).

Do you have any idea what this means? I looked at the test and I don't see how the changes to strxfrm can result in a regression in that code.

I have uploaded my package here:
http://people.debian.org/~hertzog/packages/eglibc_2.11.3-4+deb6u8_amd64.changes

Dear LTS users, feel free to test them and to report back any regression.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

[cvs-bugzilla-16009-strxfrm-buffer-overflows.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Tue, 24 Nov 2015 16:39:03 GMT)

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 24 Nov 2015 16:39:03 GMT)

Message #17 received at 803927@bugs.debian.org:

[ Cc the security team if they want to use it to prepare a DSA ]

Hello,

since the wheezy eglibc is relatively close to squeeze's version, I have updated my former backport for wheezy as well.

Please find the patch attached. It does build but the resulting package has not been tested and I did not do any comparison of the build logs to identify regression via the test suite.

My build log (in a wheezy chroot on a sid system with kernel 4.2.0-1-amd64) lists this:

make[1]: Leaving directory `/<<PKGBUILDDIR>>/build-tree/amd64-libc'
#
# Testsuite failures, someone should be working towards
# fixing these! They are listed here for the purpose of
# regression testing during builds.
# Format: <Failed test>, Error <Make error code> [(ignored)]
#
annexc.out, Error 1 (ignored)
tst-atime.out, Error 1
tst-cancel4.out, Error 1
tst-cancel5.out, Error 1
tst-cancelx4.out, Error 1
tst-cancelx5.out, Error 1
tst-writev.out, Error 1
***************
Encountered regressions that don't match expected failures:
tst-atime.out, Error 1
tst-cancel4.out, Error 1
tst-cancel5.out, Error 1
tst-cancelx4.out, Error 1
tst-cancelx5.out, Error 1
***************
[...]
make[1]: Leaving directory `/<<PKGBUILDDIR>>/build-tree/amd64-i386'
#
# Testsuite failures, someone should be working towards
# fixing these! They are listed here for the purpose of
# regression testing during builds.
# Format: <Failed test>, Error <Make error code> [(ignored)]
#
annexc.out, Error 1 (ignored)
tst-atime.out, Error 1
tst-cancel4.out, Error 1
tst-cancel5.out, Error 1
tst-cancelx4.out, Error 1
tst-cancelx5.out, Error 1
***************
Encountered regressions that don't match expected failures:
tst-atime.out, Error 1
tst-cancel4.out, Error 1
tst-cancel5.out, Error 1
tst-cancelx4.out, Error 1
tst-cancelx5.out, Error 1
***************

I use "relatime" on all my filesystems so it might be that for "tst-atime" and the cancel* it might be the same issue already identified by Ben Hutchings in https://lists.debian.org/1425557359.3164.54.camel@decadent.org.uk and we might want to include the debian/patches/all/cvs-increase-nptl-test-case-buffer-size.patch from the squeeze package.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

[cvs-bugzilla-16009-strxfrm-buffer-overflows.diff (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Tue, 24 Nov 2015 17:54:04 GMT)

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 24 Nov 2015 17:54:04 GMT)

Message #22 received at 803927@bugs.debian.org:

On Tue, 2015-11-24 at 17:23 +0100, Raphael Hertzog wrote:
> Hello,
>
> I have backported the upstream patch for squeeze and it results in the
> attached patch. It does compile and I have not identified any regression
> but the build log mentions unexpected testsuite failures.
>
> Comparing with a build of the previous version, I get only one
> supplementary failure:
> @@ -50775,10 +50775,12 @@ > bug-regex32.out, Error 1 > check-localplt.out, Error 1 > tst-atime.out, Error 1 > +tst-mqueue5.out, Error 1 > *************** > Encountered regressions that don't match expected failures: > bug-regex32.out, Error 1 > tst-atime.out, Error 1 > +tst-mqueue5.out, Error 1 > ***************
[...]

You should copy out the test output file so it's possible to see which step of the mqueue5 test failed.

There are some recent changes to the mqueue implementation in Linux that might possibly have caused this (not because they are known buggy, but they may have user-visible effects). However it's fairly pointless for me to look any further without that test output.

Ben.

-- 
Ben Hutchings
Unix is many things to many people, but it's never been everything to anybody.

[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Wed, 25 Nov 2015 00:30:03 GMT)

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 25 Nov 2015 00:30:03 GMT)

Message #27 received at 803927@bugs.debian.org:

On Tue, 24 Nov 2015, Ben Hutchings wrote:
> You should copy out the test output file so it's possible to see which
> step of the mqueue5 test failed.
>
> There are some recent changes to the mqueue implementation in Linux
> that might possibly have caused this (not because they are known buggy,
> but they may have user-visible effects). However it's fairly pointless
> for me to look any further without that test output.

In a build in a normal chroot (not a minimal-sbuild one), I only got the failure for the amd64-i386 build:

┏(squeeze-amd64) x230-buxy:~/deb/lts/pkg/eglibc-2.11.3
┗(543)$ cat build-tree/amd64-i386/rt/tst-mqueue5.out
SIGRTMIN signal in child did not arrive
child failed with status 256

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Wed, 25 Nov 2015 19:18:03 GMT)

Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Wed, 25 Nov 2015 19:18:03 GMT)

Message #32 received at 803927@bugs.debian.org:

On Wed, 2015-11-25 at 01:27 +0100, Raphael Hertzog wrote:
> On Tue, 24 Nov 2015, Ben Hutchings wrote:
> > You should copy out the test output file so it's possible to see which
> > step of the mqueue5 test failed.
> >
> > There are some recent changes to the mqueue implementation in Linux
> > that might possibly have caused this (not because they are known buggy,
> > but they may have user-visible effects). However it's fairly pointless
> > for me to look any further without that test output.
>
> In a build in a normal chroot (not a minimal-sbuild one), I only got the failure
> for the amd64-i386 build:
> ┏(squeeze-amd64) x230-buxy:~/deb/lts/pkg/eglibc-2.11.3
> ┗(543)$ cat build-tree/amd64-i386/rt/tst-mqueue5.out
> SIGRTMIN signal in child did not arrive
> child failed with status 256

The test doesn't fail reliably. Running tst-mqueue5 program against the current libc6-686, 7 out of 100 runs failed in this way. Running it against the new libc6, 8 out of 100 failed. (Both in a squeeze:i386 chroot with a 4.2 amd64 kernel.)

Whatever is going wrong here, I don't think it's a regression.

Ben.

-- 
Ben Hutchings
This sentence contradicts itself - no actually it doesn't.

[signature.asc (application/pgp-signature, inline)]
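
An added illustration of the comparison made in the message above (not part of the thread and not code from glibc or Debian): it reruns a flaky test a fixed number of times and puts the 7/100 and 8/100 failure counts through a two-sided Fisher exact test to check whether the two builds' failure rates can be told apart. The function names, the stand-in commands and the 0.05 threshold are assumptions.

```python
"""Decide whether a flaky test got worse after a library backport.

Added illustration: names, stand-in commands and the 0.05 threshold are
assumptions, not taken from the bug thread.
"""
from fractions import Fraction
from math import comb
import subprocess
import sys

# Constructed stand-ins for a test binary, so the sketch runs offline.
ALWAYS_FAIL = [sys.executable, "-c", "raise SystemExit(1)"]
ALWAYS_PASS = [sys.executable, "-c", "pass"]


def count_failures(cmd, runs):
    """Run cmd `runs` times and count runs with a non-zero exit status."""
    failures = 0
    for _ in range(runs):
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        if proc.returncode != 0:  # includes death by signal (negative code)
            failures += 1
    return failures


def fisher_exact_two_sided(fail_a, runs_a, fail_b, runs_b):
    """Exact two-sided Fisher p-value for failure counts of two builds.

    Returns a Fraction: the probability, if both builds share one failure
    rate, of a split of the failures at least as unlikely as the observed one.
    """
    if not (0 <= fail_a <= runs_a and 0 <= fail_b <= runs_b):
        raise ValueError("failure count must lie between 0 and the run count")
    if runs_a == 0 or runs_b == 0:
        raise ValueError("each build needs at least one run")
    total_fail = fail_a + fail_b
    total_runs = runs_a + runs_b

    def weight(x):
        # Unnormalised hypergeometric probability that build A holds x of
        # the total_fail failures.
        return comb(total_fail, x) * comb(total_runs - total_fail, runs_a - x)

    lowest = max(0, total_fail - runs_b)
    highest = min(total_fail, runs_a)
    observed = weight(fail_a)
    as_extreme = sum(w for w in map(weight, range(lowest, highest + 1))
                     if w <= observed)
    # The weights sum to comb(total_runs, runs_a) (Vandermonde identity).
    return Fraction(as_extreme, comb(total_runs, runs_a))


def looks_like_regression(fail_old, runs_old, fail_new, runs_new,
                          alpha=Fraction(1, 20)):
    """True only if the new build fails more often AND the gap is significant."""
    worse = fail_new * runs_old > fail_old * runs_new
    p_value = fisher_exact_two_sided(fail_old, runs_old, fail_new, runs_new)
    return worse and p_value < alpha


if __name__ == "__main__":
    # Counts reported in the thread: old libc6 7/100, patched libc6 8/100.
    p = fisher_exact_two_sided(7, 100, 8, 100)
    print("p-value for 7/100 vs 8/100:", float(p))
    print("regression?", looks_like_regression(7, 100, 8, 100))
    # Constructed contrast: a jump to 40/100 would be flagged.
    print("regression at 40/100?", looks_like_regression(7, 100, 40, 100))
```

With only 100 runs per build the test has limited power, so a small real increase in the failure rate would still pass unnoticed; more runs narrow that gap.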

Reply sent to Raphaël Hertzog <hertzog@debian.org>: You have taken responsibility. (Thu, 26 Nov 2015 15:24:06 GMT)

Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Thu, 26 Nov 2015 15:24:06 GMT)

Message #37 received at 803927-close@bugs.debian.org:

Source: eglibc
Source-Version: 2.11.3-4+deb6u8

We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 803927@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hertzog@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Thu, 26 Nov 2015 09:49:29 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-4+deb6u8
Distribution: squeeze-lts
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library: Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries libc0.1 - Embedded GNU C Library: Shared libraries libc0.1-dbg - Embedded GNU C Library: detached debugging symbols libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - Embedded GNU C Library: PIC archive library libc0.1-prof - Embedded GNU C Library: Profiling Libraries libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3 - Embedded GNU C Library: Shared libraries libc0.3-dbg - Embedded GNU C Library: detached debugging symbols libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - Embedded GNU C Library: PIC archive library libc0.3-prof - Embedded GNU C Library: Profiling Libraries libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6 - Embedded GNU C Library: Shared libraries libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - Embedded GNU C Library: detached debugging symbols libc6-dev - Embedded GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390x - Embedded GNU C Library: 64bit Development 
Libraries for IBM zSeri libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized] libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - Embedded GNU C Library: PIC archive library libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64 libc6-prof - Embedded GNU C Library: Profiling Libraries libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized] libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libc6-xen - Embedded GNU C Library: Shared libraries [Xen version] libc6.1 - Embedded GNU C Library: Shared libraries libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - Embedded GNU C Library: detached debugging symbols libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files libc6.1-pic - Embedded GNU C Library: PIC archive library libc6.1-prof - Embedded GNU C Library: Profiling Libraries libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb) locales - Embedded GNU C Library: National Language (locale) data [support] locales-all - Embedded GNU C Library: Precompiled locale data nscd - Embedded GNU C Library: Name Service Cache Daemon Closes: 803927 Changes: eglibc (2.11.3-4+deb6u8) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS team. 
* debian/patches/any/cvs-bugzilla-16009-strxfrm-buffer-overflows.diff: patch from upstream to fix memory allocations issues that can lead to buffer overflows on the stack. Closes: #803927

Marked as found in versions glibc/2.11.3-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 26 Nov 2015 15:30:03 GMT)

Marked as found in versions eglibc/2.11.3-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 26 Nov 2015 16:09:06 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#803927; Package src:glibc. (Tue, 15 Dec 2015 23:09:08 GMT)

Acknowledgement sent to Aurelien Jarno <aurelien@aurel32.net>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 15 Dec 2015 23:09:08 GMT)

Message #46 received at 803927@bugs.debian.org:

On 2015-11-24 17:34, Raphael Hertzog wrote:
> [ Cc the security team if they want to use it to prepare a DSA ]
>
> Hello,
>
> since the wheezy eglibc is relatively close to squeeze's version, I have
> updated my former backport for wheezy as well.
>
> Please find the patch attached. It does build but the resulting
> package has not been tested and I did not do any comparison of the
> build logs to identify regression via the test suite.
>

Thanks for the patch. I have applied it and updated bug#802371 so that we can get an updated package in the next point release.

I'll work on the jessie upload in the next days.

Aurelien

-- 
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net

Marked as fixed in versions glibc/2.21-1. Request was from Aurelien Jarno <aurel32@debian.org> to control@bugs.debian.org. (Tue, 15 Dec 2015 23:12:06 GMT)

Reply sent to Aurelien Jarno <aurel32@debian.org>: You have taken responsibility. (Tue, 22 Dec 2015 21:51:35 GMT)

Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Tue, 22 Dec 2015 21:51:35 GMT)

Message #53 received at 803927-close@bugs.debian.org:

Source: eglibc
Source-Version: 2.13-38+deb7u9

We believe that the bug you reported is fixed in the latest version of eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 803927@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

Format: 1.8
Date: Mon, 21 Dec 2015 00:01:08 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.13-38+deb7u9
Distribution: wheezy
Urgency: medium
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: eglibc-source - Embedded GNU C Library: sources glibc-doc - Embedded GNU C Library: Documentation libc-bin - Embedded GNU C Library:
Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries
libc0.1 - Embedded GNU C Library: Shared libraries
libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - Embedded GNU C Library: PIC archive library
libc0.1-prof - Embedded GNU C Library: Profiling Libraries
libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - Embedded GNU C Library: Shared libraries
libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - Embedded GNU C Library: PIC archive library
libc0.3-prof - Embedded GNU C Library: Profiling Libraries
libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6 - Embedded GNU C Library: Shared libraries
libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - Embedded GNU C Library: detached debugging symbols
libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - Embedded GNU C Library: PIC archive library
libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - Embedded GNU C Library: Profiling Libraries
libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6.1 - Embedded GNU C Library: Shared libraries
libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6.1-pic - Embedded GNU C Library: PIC archive library
libc6.1-prof - Embedded GNU C Library: Profiling Libraries
libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
locales - Embedded GNU C Library: National Language (locale) data [support]
locales-all - Embedded GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - Embedded GNU C Library: Name Service Cache Daemon
Closes: 779587 796105 798316 801691 803927
Changes:
eglibc (2.13-38+deb7u9) wheezy; urgency=medium
.
[ Aurelien Jarno ]
* patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
* patches/any/cvs-fnmatch-overflow.diff: new patch from upstream to fix a buffer overflow (read past end of buffer) in internal_fnmatch.
* patches/any/cvs-_IO_wstr_overflow.diff: new patch from upstream to fix an integer overflow in IO_wstr_overflow.
* patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix an unexpected closing of nss_files databases after lookups, causing denial of service (CVE-2014-8121). Closes: #779587.
* patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to unconditionally disable LD_POINTER_GUARD. Closes: #798316, #801691.
.
[ Raphaël Hertzog ]
* debian/patches/any/cvs-strxfrm-buffer-overflows.diff: new patch from upstream to fix memory allocations issues that can lead to buffer overflows on the stack. Closes: #803927.
Reply sent to Aurelien Jarno <aurel32@debian.org>: You have taken responsibility. (Fri, 01 Jan 2016 15:51:47 GMT)
Notification sent to Raphael Hertzog <hertzog@debian.org>: Bug acknowledged by developer. (Fri, 01 Jan 2016 15:51:47 GMT)
Message #58 received at 803927-close@bugs.debian.org:
Source: glibc
Source-Version: 2.19-18+deb8u2

We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 803927@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 28 Dec 2015 21:39:40 +0100
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all
Version: 2.19-18+deb8u2
Distribution: stable
Urgency: medium
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
glibc-doc - GNU C Library: Documentation
glibc-source - GNU C Library: sources
libc-bin - GNU C Library: Binaries
libc-dev-bin - GNU C Library: Development binaries
libc0.1 - GNU C Library: Shared libraries
libc0.1-dbg - GNU C Library: detached debugging symbols
libc0.1-dev - GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - GNU C Library: PIC archive library
libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - GNU C Library: Shared libraries
libc0.3-dbg - GNU C Library: detached debugging symbols
libc0.3-dev - GNU C Library: Development Libraries and Header Files
libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - GNU C Library: PIC archive library
libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - GNU C Library: Shared libraries [Xen version]
libc6 - GNU C Library: Shared libraries
libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - GNU C Library: detached debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - GNU C Library: PIC archive library
libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc6-x32 - GNU C Library: X32 ABI Shared libraries for AMD64
libc6-xen - GNU C Library: Shared libraries [Xen version]
libc6.1 - GNU C Library: Shared libraries
libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - GNU C Library: detached debugging symbols
libc6.1-dev - GNU C Library: Development Libraries and Header Files
libc6.1-pic - GNU C Library: PIC archive library
libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
locales - GNU C Library: National Language (locale) data [support]
locales-all - GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - GNU C Library: Name Service Cache Daemon
Closes: 779587 798316 798515 799966 800523 800574 801691 802256 803927
Changes:
glibc (2.19-18+deb8u2) stable; urgency=medium
.
[ Aurelien Jarno ]
* Update from upstream stable branch:
  - Fix getaddrinfo sometimes returning uninitialized data with nscd. Closes: #798515.
  - Fix data corruption while reading the NSS files database (CVE-2015-5277). Closes: #799966.
  - Fix buffer overflow (read past end of buffer) in internal_fnmatch.
  - Fix _IO_wstr_overflow integer overflow.
  - Fix unexpected closing of nss_files databases after lookups, causing denial of service (CVE-2014-8121). Closes: #779587.
  - Fix NSCD netgroup cache. Closes: #800523.
* patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to unconditionally disable LD_POINTER_GUARD. Closes: #798316, #801691.
* patches/any/cvs-mangle-tls_dtor_list.diff: new patch from upstream to mangle function pointers in tls_dtor_list. Closes: #802256.
* patches/any/cvs-strxfrm-buffer-overflows.diff: new patch from upstream to fix memory allocations issues that can lead to buffer overflows on the stack. Closes: #803927.
.
[ Henrique de Moraes Holschuh ]
* Replace patches/amd64/local-blacklist-on-TSX-Haswell.diff by local-blacklist-for-Intel-TSX.diff also blacklisting some Broadwell models. Closes: #800574.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 21 Feb 2016 07:30:48 GMT)