glibc: CVE-2018-19591: Linux if_nametoindex() does not close descriptor

Related Vulnerabilities: CVE-2018-19591  

Debian Bug report logs - #914837


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 27 Nov 2018 20:33:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version glibc/2.27-8

Fixed in version glibc/2.28-1

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=23927



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#914837; Package src:glibc. (Tue, 27 Nov 2018 20:33:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Tue, 27 Nov 2018 20:33:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: glibc: CVE-2018-19591: Linux if_nametoindex() does not close descriptor
Date: Tue, 27 Nov 2018 21:29:22 +0100
Source: glibc
Version: 2.27-8
Severity: important
Tags: patch security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=23927

Hi,

The following vulnerability was published for glibc.

CVE-2018-19591[0]:
Linux if_nametoindex() does not close descriptor

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-19591
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19591
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=23927

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#914837. (Wed, 28 Nov 2018 22:42:02 GMT)


Message #8 received at 914837-submitter@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 914837-submitter@bugs.debian.org
Subject: Bug #914837 in glibc marked as pending
Date: Wed, 28 Nov 2018 22:39:35 +0000
Control: tag -1 pending

Hello,

Bug #914837 in glibc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/glibc-team/glibc/commit/aea56157b456d4d9bef337d0149e952a41a7d919

------------------------------------------------------------------------
debian/patches/git-updates.diff: update from upstream stable branch:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - Fix a file descriptor leak in if_nametoindex() (CVE-2018-19591).
    Closes: #914837.

------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/914837



Added tag(s) pending. Request was from Aurelien Jarno <aurel32@debian.org> to 914837-submitter@bugs.debian.org. (Wed, 28 Nov 2018 22:42:02 GMT)


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#914837. (Wed, 28 Nov 2018 22:45:05 GMT)


Message #13 received at 914837-submitter@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 914837-submitter@bugs.debian.org
Subject: Bug #914837 in glibc marked as pending
Date: Wed, 28 Nov 2018 22:41:18 +0000
Control: tag -1 pending

Hello,

Bug #914837 in glibc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/glibc-team/glibc/commit/aea56157b456d4d9bef337d0149e952a41a7d919

------------------------------------------------------------------------
debian/patches/git-updates.diff: update from upstream stable branch:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - Fix a file descriptor leak in if_nametoindex() (CVE-2018-19591).
    Closes: #914837.

------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/914837



Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Thu, 29 Nov 2018 06:39:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Thu, 29 Nov 2018 06:39:05 GMT)


Message #18 received at 914837-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 914837-close@bugs.debian.org
Subject: Bug#914837: fixed in glibc 2.28-1
Date: Thu, 29 Nov 2018 06:34:30 +0000
Source: glibc
Source-Version: 2.28-1

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 914837@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 28 Nov 2018 23:42:08 +0100
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-xen libc0.3-xen libc6.1-alphaev67
Architecture: source
Version: 2.28-1
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc-l10n  - GNU C Library: localization files
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 914837
Changes:
 glibc (2.28-1) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/git-fcntl64.diff: Fix tst-utmp* tests.
   * debian/patches/hurd-i386/tg-WRLCK-upgrade.diff: Refresh.
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix a file descriptor leak in if_nametoindex() (CVE-2018-19591).
       Closes: #914837.
   * debian/control.in/main: Update Vcs-Git to point to the default branch.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 26 Apr 2019 07:26:02 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:22:17 2019; Machine Name: beach
