Debian Bug report logs - #431858
CVE-2007-3508: Integer overflow
Reported by: Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>
Date: Thu, 5 Jul 2007 13:57:02 UTC
Severity: important
Found in version glibc/2.5-11
Fixed in version glibc/2.6-2
Done: Aurelien Jarno <aurel32@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#431858; Package libc6.
Acknowledgement sent to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>: New Bug report received and forwarded. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: libc6
Version: 2.5-11
Severity: important
Hi,
here is the problem:
http://www.gentoo.org/security/en/glsa/glsa-200707-04.xml
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (100, 'unstable'), (99, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.2-20070627-1 GCC support library
libc6 recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>: Bug#431858; Package libc6.
Acknowledgement sent to Pierre Habouzit <madcoder@debian.org>: Extra info received and forwarded to list. Copy sent to GNU Libc Maintainers <debian-glibc@lists.debian.org>.
Message #10 received at 431858@bugs.debian.org:
On Thu, Jul 05, 2007 at 03:54:10PM +0200, Laurent Bonnaud wrote:
> Package: libc6
> Version: 2.5-11
> Severity: important
>
>
> Hi,
>
> here is the problem:
>
> http://www.gentoo.org/security/en/glsa/glsa-200707-04.xml
FWIW this has been discussed with the security team already, there is
no way to exploit this, whatever the gentoo GLSA says. It does not mean
that we won't fix it, but it's not a big problem at all, I'm not even
sure it deserves the important severity :)
Cheers,
--
·O· Pierre Habouzit
··O madcoder@debian.org
OOO http://www.madism.org
Reply sent to Aurelien Jarno <aurel32@debian.org>: You have taken responsibility.
Notification sent to Laurent Bonnaud <Laurent.Bonnaud@inpg.fr>: Bug acknowledged by developer.
Message #15 received at 431858-close@bugs.debian.org:
Source: glibc
Source-Version: 2.6-2
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:
glibc-doc_2.6-2_all.deb
to pool/main/g/glibc/glibc-doc_2.6-2_all.deb
glibc_2.6-2.diff.gz
to pool/main/g/glibc/glibc_2.6-2.diff.gz
glibc_2.6-2.dsc
to pool/main/g/glibc/glibc_2.6-2.dsc
libc6-dbg_2.6-2_amd64.deb
to pool/main/g/glibc/libc6-dbg_2.6-2_amd64.deb
libc6-dev-i386_2.6-2_amd64.deb
to pool/main/g/glibc/libc6-dev-i386_2.6-2_amd64.deb
libc6-dev_2.6-2_amd64.deb
to pool/main/g/glibc/libc6-dev_2.6-2_amd64.deb
libc6-i386_2.6-2_amd64.deb
to pool/main/g/glibc/libc6-i386_2.6-2_amd64.deb
libc6-pic_2.6-2_amd64.deb
to pool/main/g/glibc/libc6-pic_2.6-2_amd64.deb
libc6-prof_2.6-2_amd64.deb
to pool/main/g/glibc/libc6-prof_2.6-2_amd64.deb
libc6-udeb_2.6-2_amd64.udeb
to pool/main/g/glibc/libc6-udeb_2.6-2_amd64.udeb
libc6_2.6-2_amd64.deb
to pool/main/g/glibc/libc6_2.6-2_amd64.deb
libnss-dns-udeb_2.6-2_amd64.udeb
to pool/main/g/glibc/libnss-dns-udeb_2.6-2_amd64.udeb
libnss-files-udeb_2.6-2_amd64.udeb
to pool/main/g/glibc/libnss-files-udeb_2.6-2_amd64.udeb
locales-all_2.6-2_amd64.deb
to pool/main/g/glibc/locales-all_2.6-2_amd64.deb
locales_2.6-2_all.deb
to pool/main/g/glibc/locales_2.6-2_all.deb
nscd_2.6-2_amd64.deb
to pool/main/g/glibc/nscd_2.6-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 431858@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 10 Jul 2007 09:17:49 +0200
Source: glibc
Binary: libc0.1-prof libc6-dev-amd64 locales-all libc6-i686 libc6-dev-ppc64 libc0.3-pic glibc-doc libc0.3 libc6-dev-mipsn32 libc0.1-i686 libc0.1-i386 libc6-mips64 libc6.1-dev libc6-s390x libnss-files-udeb libc0.1-dev-i386 libc6-dev-sparc64 libc6-i386 libc0.3-dev libc6-udeb libc6-dbg libc6.1-pic libc6-dev libc0.3-prof libc6-sparcv9 libc0.1-udeb libc6-dev-i386 libc6.1-prof libc6-mipsn32 libc0.1-dev locales libc6-pic libc0.3-udeb libc6-dev-powerpc libc0.1-pic libc6-ppc64 libc0.3-dbg libc0.1-dbg libc6-amd64 libc0.1 libc6-prof libc6-xen libc6-dev-mips64 libc6-powerpc libc6 libc6-sparcv9b libc6.1-udeb libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc6-dev-s390x
Architecture: source amd64 all
Version: 2.6-2
Distribution: unstable
Urgency: low
Maintainer: Aurelien Jarno <aurel32@debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
glibc-doc - GNU C Library: Documentation
libc6 - GNU C Library: Shared libraries
libc6-dbg - GNU C Library: Libraries with debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files
libc6-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc6-i386 - GNU C Library: 32bit shared libraries for AMD64
libc6-pic - GNU C Library: PIC archive library
libc6-prof - GNU C Library: Profiling Libraries
libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
locales - GNU C Library: National Language (locale) data [support]
locales-all - GNU C Library: Precompiled locale data
nscd - GNU C Library: Name Service Cache Daemon
Closes: 428509 429487 431858
Changes:
glibc (2.6-2) unstable; urgency=low
.
[ Clint Adams ]
* Add any/cvs-nis-nss-default.diff: preserve errno.
* Add any/cvs-vfscanf.diff: add additional test for EOF
in loop to look for conversion specifier to avoid testing of
wrong errno value.
.
[ Aurelien Jarno ]
* Add any/cvs-ld-integer-overflow.diff: fix an integer
overflow in ld.so. Closes: bug#431858.
* hppa/submitted-multiple-threads.diff: new patch to fix an FTBFS on
hppa. Closes: bug#428509, bug#429487.
Files:
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGk0Yrw3ao2vG823MRAgWZAJ4+QRxNNAMWI09UBMhQwW+OJgPiUwCfUus6
CI8eUlAuIB36JAOWr5dMKPo=
=0rqZ
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org (Sun, 30 Nov 2008 08:12:21 GMT).
Last modified: Wed Jun 19 13:25:13 2019