Debian Bug report logs -
#796106
CVE-2015-5180
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#796106; Package src:glibc.
(Wed, 19 Aug 2015 14:06:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>.
(Wed, 19 Aug 2015 14:06:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: glibc
Severity: important
Tags: security
Please see https://sourceware.org/bugzilla/show_bug.cgi?id=18784
for details. Unfixed upstream ATM.
Cheers,
Moritz
Marked as found in versions glibc/2.19-18.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 02 Aug 2016 17:51:07 GMT) (full text, mbox, link).
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Tue, 02 Aug 2016 17:51:12 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from bts-link-upstream@lists.alioth.debian.org
to control@bugs.debian.org.
(Mon, 02 Jan 2017 17:33:10 GMT) (full text, mbox, link).
Added tag(s) pending.
Request was from Aurelien Jarno <aurelien@aurel32.net>
to control@bugs.debian.org.
(Tue, 03 Jan 2017 21:54:08 GMT) (full text, mbox, link).
Message sent on
to Moritz Muehlenhoff <jmm@debian.org>:
Bug#796106.
(Tue, 03 Jan 2017 21:54:10 GMT) (full text, mbox, link).
Message #18 received at 796106-submitter@bugs.debian.org (full text, mbox, reply):
tag 796106 pending
thanks
Hello,
Bug #796106 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:
http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=c16873a
---
commit c16873aceccff7a1116adb047a47d5fb95fd461c
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Tue Jan 3 22:51:27 2017 +0100
patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a NULL pointer dereference in libresolv when receiving a T_UNSPEC internal QTYPE (CVE-2015-5180). Closes: #796106.
diff --git a/debian/changelog b/debian/changelog
index 58aaf38..2bf3ceb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,9 @@ glibc (2.24-9) UNRELEASED; urgency=medium
with the PT154 charset. Closes: #847596.
* debian/patches/git-updates.diff: update from upstream stable branch:
- debian/patches/alpha/submitted-math-fixes.diff: Drop, merged upstream.
+ * patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a
+ NULL pointer dereference in libresolv when receiving a T_UNSPEC internal
+ QTYPE (CVE-2015-5180). Closes: #796106.
-- Samuel Thibault <sthibault@debian.org> Fri, 09 Dec 2016 01:51:00 +0100
Reply sent
to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility.
(Mon, 16 Jan 2017 18:06:05 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Mon, 16 Jan 2017 18:06:05 GMT) (full text, mbox, link).
Message #23 received at 796106-close@bugs.debian.org (full text, mbox, reply):
Source: glibc
Source-Version: 2.24-9
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 796106@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 16 Jan 2017 18:43:37 +0100
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-xen libc0.3-xen libc6.1-alphaev67 libc0.1-i686 libc0.3-i686 libc6-i686
Architecture: source
Version: 2.24-9
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
glibc-doc - GNU C Library: Documentation
glibc-source - GNU C Library: sources
libc-bin - GNU C Library: Binaries
libc-dev-bin - GNU C Library: Development binaries
libc-l10n - GNU C Library: localization files
libc0.1 - GNU C Library: Shared libraries
libc0.1-dbg - GNU C Library: detached debugging symbols
libc0.1-dev - GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - transitional dummy package
libc0.1-pic - GNU C Library: PIC archive library
libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - GNU C Library: Shared libraries
libc0.3-dbg - GNU C Library: detached debugging symbols
libc0.3-dev - GNU C Library: Development Libraries and Header Files
libc0.3-i686 - transitional dummy package
libc0.3-pic - GNU C Library: PIC archive library
libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - GNU C Library: Shared libraries [Xen version]
libc6 - GNU C Library: Shared libraries
libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - GNU C Library: detached debugging symbols
libc6-dev - GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - transitional dummy package
libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - GNU C Library: PIC archive library
libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
libc6-x32 - GNU C Library: X32 ABI Shared libraries for AMD64
libc6-xen - GNU C Library: Shared libraries [Xen version]
libc6.1 - GNU C Library: Shared libraries
libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - GNU C Library: detached debugging symbols
libc6.1-dev - GNU C Library: Development Libraries and Header Files
libc6.1-pic - GNU C Library: PIC archive library
libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
locales - GNU C Library: National Language (locale) data [support]
locales-all - GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - GNU C Library: Name Service Cache Daemon
Closes: 783210 796106 847596 850182 850565
Changes:
glibc (2.24-9) unstable; urgency=medium
.
[ Samuel Thibault ]
* hurd-i386/tg-libpthread-gsync-mutex.diff: Update patch, fixes trylock
error return.
* hurd-i386/tg-magic-pid.diff: New patch, add support for /proc/self.
* hurd-i386/tg-mlockall.diff: New patch, add support for mlockall.
- control: Bump gnumach-dev build-depend accordingly.
* hurd-i386/tg-gsync-libc.diff: Fix linking against built libmachuser
instead of installed libmachuser.
* libc0.3.symbols.hurd-i386: Add vm_wire_all symbols.
.
[ Aurelien Jarno ]
* debian/sysdeps/{amd64,i386,x32}.mk: disable lock elision (aka Intel TSX)
on x86 architectures. This causes programs (wrongly) unlocking an already
unlocked mutex to abort. More importantly most of the other distributions
decided to disable it, so we don't want to be the only distribution left
testing this code path. Closes: #850182.
* debian/rules.d/build.mk: pass --no-recursion before -T in the call to tar
to workaround or fix bug#829738. This reduces the size of the glibc-source
package by 40%
* debian/patches/localedata/supported.diff: rename the kk_KZ locale with the
RK1048 charset to kk_KZ.RK1048 to avoid conflicting with the kk_KZ locale
with the PT154 charset. Closes: #847596.
* debian/patches/git-updates.diff: update from upstream stable branch:
- debian/patches/alpha/submitted-math-fixes.diff: Drop, merged upstream.
* patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a
NULL pointer dereference in libresolv when receiving a T_UNSPEC internal
QTYPE (CVE-2015-5180). Closes: #796106.
* Make the package build reproducibly, thanks to Ximin Luo for the patch.
Closes: #783210.
- debian/rules: export SOURCE_DATE_EPOCH when not building with
dpkg-buildpackage.
- debian/rules.d/build.mk: use --clamp-mtime instead of touching the
files.
- debian/rules.d/debhelper.mk: do not chmod +x the shell script, call
it with sh instead.
* debian/rules.d/control.mk: Add the sh4 architecture to libc6_archs.
Closes: #850565.
Checksums-Sha1:
55330e604868f98ee591d296f1f6606049ed7bf3 8351 glibc_2.24-9.dsc
8451261dd2f792c726a28535949f767437c40192 973160 glibc_2.24-9.debian.tar.xz
Checksums-Sha256:
c7ca2d54ff9b5e1cc32db75b9430d8caa51aa6c6b6aa40d06f7823905fcf7cc6 8351 glibc_2.24-9.dsc
942db07a2d095530aa2d54d55b4acddfe93b53abc4599c20d9705b0f95a740fe 973160 glibc_2.24-9.debian.tar.xz
Files:
3c9ffbdb695c7a8ef8c6f6a834d6c738 8351 libs required glibc_2.24-9.dsc
fbfb8f0fa5e1c79046406b55730ac274 973160 libs required glibc_2.24-9.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEd0YmQqnvlP0Pdxltupx4Bh4djJsFAlh9BsQACgkQupx4Bh4d
jJviLRAAq3AwAqkKX9lAZgXKr4jp78nXnR8UPGlhK2zay6AjdK9UAUPvs4qcZzJg
dPxsLppRR0Bj2xgqJIZeetU93F8U1aEO2aAiCEybR9uZw72p/5h0EyAW5szBtdnD
NQxLwFfull+rRQ/j6SDd0XcLXiW0sVWrWo76AM4ThE0kRkCCGAL3l2zV9VSDz6hQ
gbnjyr4TKZf6ncjDMvaH5VAMkggW5fbzoWNr1qgaVNtOMQWTO3If+Yq5fKTYC3ae
ue0961defooNHGY+2qehO/ge4eM8Ox4vx30H1+z8jq0FKfYeyFkND8H4TRryPTdw
s7IyhM9rtOaCduy/aWMbMO2rT+UglDHaI02jYWpKWG6aQKUTZouErc/qO1K1EnrY
/ZSLRC202QOKl6pHTVqtoOlxIjOjPUn5aLpJRl6OZtG+Fw2I7S7ek32iHWS0pxsG
sU5/2vViILqqKyGsM1XR1GBN9v2TUAE4qJJz9ecCDjf+osiL01B9ZE4LdOMSyR6I
jdbQKjWW+o6bZBIPD8m+8F2VxzHo/sAOFa9MurHBrg0jDTXbg6oY3eQ9TrVWHttA
WviECWIiwAzAq/aoaBmD+iHZWJG4fXX6lypV+I6NtgYVS4HsUK7XR8CiuQ8lgOrU
RvNpRGW7WKHKsbvaJQHFXwEKIDOsZKjSMktb6AbMBoEBEIKP9Dg=
=QJTM
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Fri, 03 Mar 2017 07:25:23 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:57:57 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon