glibc: CVE-2016-6323: Missing unwind information on ARM

Related Vulnerabilities: CVE-2016-6323  

Debian Bug report logs - #834752

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Thu, 18 Aug 2016 16:18:01 UTC

Severity: normal

Tags: fixed-upstream, security, upstream

Found in version glibc/2.23-4

Fixed in versions glibc/2.24-1, glibc/2.19-18+deb8u6

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=20435


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#834752; Package src:glibc. (Thu, 18 Aug 2016 16:18:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Thu, 18 Aug 2016 16:18:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: glibc: CVE-2016-6323: Missing unwind information on ARM
Date: Thu, 18 Aug 2016 18:15:22 +0200
Source: glibc
Version: 2.23-4
Severity: normal
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=20435

Hi,

the following vulnerability was published for glibc, filing to track
the issue.

CVE-2016-6323[0]:
Missing unwind information on ARM

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-6323
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=20435

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Added tag(s) pending. Request was from Aurelien Jarno <aurelien@aurel32.net> to control@bugs.debian.org. (Fri, 19 Aug 2016 07:15:08 GMT).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#834752. (Fri, 19 Aug 2016 07:15:11 GMT).


Message #10 received at 834752-submitter@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: 834752-submitter@bugs.debian.org
Subject: Bug#834752 marked as pending
Date: Fri, 19 Aug 2016 07:13:21 +0000
tag 834752 pending
thanks

Hello,

Bug #834752 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=e2ed4ec

---
commit e2ed4ec396146286dbc42061dc32de8dcddd1ae0
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Fri Aug 19 09:13:04 2016 +0200

    Add bug number

diff --git a/debian/changelog b/debian/changelog
index 2a7b99f..bdd1a9e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,7 +8,7 @@ glibc (2.24-0experimental2) UNRELEASED; urgency=medium
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - debian/patches/any/submitted-argp-attribute.diff: upstreamed.
     - Fix backtrace hang on armel/armhf, possibly causing a minor
-      denial-of-service vulnerability (CVE-2016-6323).
+      denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.
   * debian/control.in/libc: drop ${locale-compat:Depends} as it was not used
     anymore.
 
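
Review bot: the amended line in the 2.24-0experimental2 stanza closes #834752 but still gives no pointer to the upstream report, so a reader of the changelog cannot tell which change in git-updates.diff carries the fix. The bug is forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=20435; consider naming that upstream bug next to the CVE id in the entry. The commit subject "Add bug number" would also be easier to find later if it named the bug or CVE it refers to.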



Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#834752. (Fri, 19 Aug 2016 07:39:41 GMT).


Message #13 received at 834752-submitter@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: 834752-submitter@bugs.debian.org
Subject: Bug#834752 marked as pending
Date: Fri, 19 Aug 2016 07:34:25 +0000
tag 834752 pending
thanks

Hello,

Bug #834752 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=2f4445a

---
commit 2f4445ac9243c4d11adafd895f955ce83610062b
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Fri Aug 19 09:33:49 2016 +0200

    Fix backtrace hang on armel/armhf, possibly causing a minor denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.

diff --git a/debian/changelog b/debian/changelog
index 89fe119..bf495d3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,8 @@
 glibc (2.19-18+deb8u6) UNRELEASED; urgency=medium
 
   * Update from upstream stable branch:
+    - Fix backtrace hang on armel/armhf, possibly causing a minor
+      denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.
     - Fix open and openat functions with O_TMPFILE.  Closes: #832521.
     - Drop debian/patches/any/cvs-ld_pointer_guard.diff (merged upstream).
     - Drop debian/patches/any/cvs-mangle-tls_dtor_list.diff (merged upstream).
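
Review bot: the two added lines sit under "Update from upstream stable branch:" with no file named, whereas the 2.24 changelog attributes the same fix to debian/patches/git-updates.diff. For the 2.19-18+deb8u6 stanza, naming the patch file that carries the armel/armhf backtrace fix would let anyone auditing the update map CVE-2016-6323 to an exact change. The wording "possibly causing a minor denial-of-service vulnerability" also leaves the affected function unnamed; a short mention of what hangs would help.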



Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 25 Aug 2016 18:03:47 GMT).


Message sent on to Salvatore Bonaccorso <carnil@debian.org>:
Bug#834752. (Wed, 31 Aug 2016 15:57:14 GMT).


Message #18 received at 834752-submitter@bugs.debian.org:

From: Aurelien Jarno <aurelien@aurel32.net>
To: 834752-submitter@bugs.debian.org
Subject: Bug#834752 marked as pending
Date: Wed, 31 Aug 2016 15:54:45 +0000
tag 834752 pending
thanks

Hello,

Bug #834752 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

    http://git.debian.org/?p=pkg-glibc/glibc.git;a=commitdiff;h=c028b7b

---
commit c028b7b635a958f2ee1cb4c6ecfde24538374327
Merge: 769ad5b 1371e46
Author: Aurelien Jarno <aurelien@aurel32.net>
Date:   Wed Aug 31 12:58:32 2016 +0200

    Merge branch 'glibc-2.24' into sid

diff --cc debian/changelog
index d6c85f9,dd52bae..c0ad927
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,10 -1,174 +1,181 @@@
+ glibc (2.24-0experimental2) UNRELEASED; urgency=medium
+ 
+   [ Adam Conrad ]
+   * debian/rules.d/control.mk: Manually add binutils, linux-libc-dev, and the
+     current GCC to the rebuild test deps, so they land in Testsuite-Triggers.
+ 
+   [ Aurelien Jarno ]
+   * debian/patches/git-updates.diff: update from upstream stable branch:
+     - debian/patches/any/submitted-argp-attribute.diff: upstreamed.
+     - Fix backtrace hang on armel/armhf, possibly causing a minor
+       denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.
+   * debian/control.in/libc: drop ${locale-compat:Depends} as it was not used
+     anymore.
+   * debian/control.in/libc, debian/rules.d/debhelper.mk: compute the
+     linux-libc-dev dependency from the one installed at build time.  Closes:
+     #834706.
+   * debian/patches/series: apply hppa/submitted-setcontext.diff.  Closes:
+     #835414.
+ 
+  -- Adam Conrad <adconrad@0c3.net>  Tue, 16 Aug 2016 05:33:48 -0600
+ 
+ glibc (2.24-0experimental1) experimental; urgency=medium
+ 
+   [ Samuel Thibault ]
+   * testsuite-xfail-debian.mk: Update with hurd-i386 non-regressions.
+ 
+   [ Aurelien Jarno ]
+   * debian/patches/git-updates.diff: update from upstream stable branch:
+     - debian/patches/powerpc/submitted-powerpc-ifunc-sel.diff: upstreamed.
+     - debian/patches/sparc/submitted-sparc-fdim.diff: upstreamed.
+   * debian/patches/sparc/cvs-test-strncmp.diff: new patch from upstream to
+     fix wcsmbs/test-wcsncmp on architecture with strong alignment.  Closes:
+     #825865.
+   * debian/patches/testsuite-xfail-debian.mk: remove xfail-test-wcsncmp on
+     sparc.
+   * debian/sysdeps/{sparc,sparc64}.mk: force target to sparcv9-linux-gnu.
+   * debian/patches/sparc/local-sparcv9-target.diff: drop, obsolete.
+   * patches/hppa/local-stack-grows-up.diff: restore one hunk that has not been
+     merged upstream from the 2.23 version.
+   * patches/localedata/locale-C.diff: update to unicode 8.0.0, add missing
+     categories, use the copy directive when possible.
+   * debian/rules.d/build.mk: disable the C++ compiler when tests are disabled,
+     based on a patch from Matthias Klose.  Closes: #834138.
+   * rules.d/build.mk: test for DEB_BUILD_OPTIONS="nocheck" using filter
+     instead of findstring.
+   * patches/kfreebsd/local-sysdeps.diff: update to revision 6101 (from
+     glibc-bsd).
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Mon, 15 Aug 2016 16:55:38 +0200
+ 
+ glibc (2.24-0experimental0) experimental; urgency=medium
+ 
+   * New upstream release: version 2.24.
+   * debian/patches/hurd-i386/submitted-malloc-setstate.diff: only apply on
+     hurd-i386, as it causes regressions on at least x32.
+   * debian/rules.d/tarball.mk: make the orig tarball generation a bit more
+     reproducible.
+   * debian/sysdeps/sparc64.mk: compile all flavours with -mcpu=ultrasparc.
+   * debian/patches/submitted-sparc-fdim.diff: new patch to fix fdimf and
+     fdim function on SPARC.
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Thu, 04 Aug 2016 03:13:12 +0200
+ 
+ glibc (2.23.90+20160725.b898b64-1) experimental; urgency=medium
+ 
+   [ Aurelien Jarno ]
+   * New upstream snapshot from 20160725.
+   * debian/testsuite-xfail-debian.mk: remove HPPA math tests from XFAIL,
+     the problem is fixed from some time already.
+   * debian/patches/powerpc/submitted-powerpc-ifunc-sel.diff: new patch to
+     fix the ifunc tests with GCC 6 on PowerPC.
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Mon, 25 Jul 2016 23:38:37 +0200
+ 
+ glibc (2.23.90+20160719.2c3d888-1) experimental; urgency=medium
+ 
+   [ Samuel Thibault ]
+   * testsuite-xfail-debian.mk: Add missing test failure (no actual
+     regression).
+ 
+   [ Aurelien Jarno ]
+   * New upstream snapshot from 20160719:
+     - debian/patches/hurd-i386/cvs-tabdly.diff: upstreamed.
+   * debian/control.in/main, debian/rules: build with GCC 6.
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Tue, 19 Jul 2016 23:34:49 +0200
+ 
+ glibc (2.23.90+20160711.c10f90d-1) experimental; urgency=medium
+ 
+   [ Samuel Thibault ]
+   * patches/hurd-i386/submitted-malloc-setstate.diff: New patch to fix
+     malloc_setstate.
+   * testsuite-xfail-debian.mk: Update hurd-i386 testsuite results, no actual
+     regression.
+ 
+   [ Aurelien Jarno ]
+   * New upstream snapshot from 20160711:
+     - debian/patches/localedata/locale-de_LI.diff: upstreamed.
+     - debian/patches/hppa/submitted-libm-test-ulps.diff: upstreamed.
+   * debian/testsuite-xfail-debian.mk: allow conform/XPG3/sys/stat.h
+     and conform/XPG4/sys/stat.h to fail on mips and mipsel, similarly
+     to the others sys/stat.h conform tests. Group all theses entries
+     and an explanation.
+   * debian/testsuite-xfail-debian.mk: do not allow math/test-fenv to
+     fail now that we do not have Loongson 2 buildds anymore.
+   * debian/patches/kfreebsd/local-sysdeps.diff, local-fbtl.diff:
+     update to revision 6087 (from glibc-bsd).
+   * debian/testsuite-xfail-debian.mk: allow more failures on kfreebsd-*,
+     mostly due to the fsid_t type, and which are not regressions.
+   * testsuite-xfail-debian.mk: Update x32 testsuite results, no actual
+     regression.
+   * Replace debian/patches/alpha/submitted-trunc.diff by
+     debian/patches/alpha/submitted-math-fixes.diff containing additional
+     math fixes.
+   * debian/rules: better glibc version detection for snapshots.
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Mon, 11 Jul 2016 22:45:50 +0200
+ 
+ glibc (2.23.90+20160507.87523e9-1) experimental; urgency=medium
+ 
+   * New upstream snapshot from 20160705:
+     - Fix locales license.  Closes: #555168.
+     - Fix Spanish locale 1st week definition.  Closes: #826888.
+     - debian/patches/localedata/sort-UTF8-first.diff: rebased.
+     - debian/patches/localedata/locale-eo_EO.diff: upstreamed.
+     - debian/patches/localedata/locale-ku_TR.diff: rebased.
+     - debian/patches/localedata/fo_FO-date_fmt.diff: rebased.
+     - debian/patches/localedata/locales-fr.diff: rebased.
+     - debian/patches/localedata/locale-en_DK.diff: rebased.
+     - debian/patches/localedata/locale-hsb_DE.diff: rebased.
+     - debian/patches/localedata/fr_CH-first_weekday.diff: upstreamed.
+     - debian/patches/localedata/locale-de_LI.diff: rebased.
+     - debian/patches/localedata/submitted-bz9725-locale-sv_SE.diff: rebased.
+     - debian/patches/localedata/first_weekday.diff: upstreamed.
+     - debian/patches/localedata/submitted-en_AU-date_fmt.diff: rebased.
+     - debian/patches/amd64/local-blacklist-for-Intel-TSX.diff
+     - debian/patches/arm/local-arm-futex.diff: rebased.
+     - debian/patches/hppa/local-stack-grows-up.diff: dropped, obsolete.
+     - debian/patches/hurd-i386/local-enable-ldconfig.diff: rebased.
+     - debian/patches/hurd-i386/tg-tls-threadvar.diff: rebased.
+     - debian/patches/hurd-i386/tg-hooks.diff: rebased.
+     - debian/patches/hurd-i386/cvs-openat.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-gai_sigqueue.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-aio_sigqueue.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-open.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-c++-types.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-errnos.d.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-mach-syscalls.mk.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-auxv.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-gprof-tick.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-IPV6_PKTINFO.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-i686-link.diff: upstreamed.
+     - debian/patches/hurd-i386/cvs-check-local-headers.diff: rebased.
+     - debian/patches/hurd-i386/tg-gsync-libc.diff: rebased.
+     - debian/patches/i386/local-cpuid-level2.diff: rebased.
+     - debian/patches/sparc/submitted-sparc64-socketcall.diff: rebased.
+     - debian/patches/sparc/cvs-sparc-nearbyint.diff: upstreamed.
+     - debian/patches/any/local-libgcc-compat-ports.diff: rebased.
+     - debian/patches/any/submitted-longdouble.diff: rebased.
+     - debian/patches/any/submitted-string2-strcmp.diff: rebased.
+     - debian/patches/any/local-dynamic-resolvconf.diff: rebased.
+     - debian/patches/any/cvs-tst-malloc-thread-exit.diff: upstreamed.
+     - debian/patches/any/cvs-sys-personality-h.diff: upstreamed.
+   * debian/patches/localedata/{locale-C.diff,locale-de_LI.diff,
+     locale-eu_FR.diff,new-valencian-locale.diff}: change LC_IDENTIFICATION
+     to i18n:2012.
+   * debian/debhelper.in/locales.config: convert iw_IL into he_IL, as the
+     former was deprecated and has been removed.
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Tue, 05 Jul 2016 20:47:21 +0200
+ 
 +glibc (2.23-6) UNRELEASED; urgency=medium
 +
 +  * patches/hurd-i386/cvs-adjtime-NULL.diff: New patch to fix crash on
 +    adjtime(..., NULL).
 +
 + -- Samuel Thibault <sthibault@debian.org>  Tue, 30 Aug 2016 23:09:02 +0200
 +
  glibc (2.23-5) unstable; urgency=medium
  
    * patches/hurd-i386/git-recvmsg.diff: New patch, fixes recvmsg on PF_LOCAL
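
Review bot: the merge result carries two UNRELEASED stanzas, 2.24-0experimental2 at the top and 2.23-6 further down below the 2.23.90 snapshot entries, so the hurd-i386 adjtime entry needs to be folded into the top stanza before upload or it will be left in a version that is never released. In the same hunk, the 2.23.90+20160507.87523e9-1 stanza lists debian/patches/amd64/local-blacklist-for-Intel-TSX.diff with no status, while the other patch lines in that list say rebased, upstreamed or dropped; add the missing status there.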



Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Wed, 31 Aug 2016 16:27:13 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 31 Aug 2016 16:27:13 GMT).


Message #23 received at 834752-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 834752-close@bugs.debian.org
Subject: Bug#834752: fixed in glibc 2.24-1
Date: Wed, 31 Aug 2016 16:25:35 +0000
Source: glibc
Source-Version: 2.24-1

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 834752@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 31 Aug 2016 17:51:04 +0200
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-xen libc0.3-xen libc6.1-alphaev67 libc0.1-i686 libc0.3-i686 libc6-i686
Architecture: source
Version: 2.24-1
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc-l10n  - GNU C Library: localization files
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - transitional dummy package
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - transitional dummy package
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - transitional dummy package
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 834706 834752 835414
Changes:
 glibc (2.24-1) unstable; urgency=medium
 .
   [ Adam Conrad ]
   * debian/rules.d/control.mk: Manually add binutils, linux-libc-dev, and the
     current GCC to the rebuild test deps, so they land in Testsuite-Triggers.
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - debian/patches/any/submitted-argp-attribute.diff: upstreamed.
     - Fix backtrace hang on armel/armhf, possibly causing a minor
       denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.
   * debian/control.in/libc: drop ${locale-compat:Depends} as it was not used
     anymore.
   * debian/control.in/libc, debian/rules.d/debhelper.mk: compute the
     linux-libc-dev dependency from the one installed at build time.  Closes:
     #834706.
   * debian/patches/series: apply hppa/submitted-setcontext.diff.  Closes:
     #835414.
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/cvs-adjtime-NULL.diff: New patch to fix crash on
     adjtime(..., NULL).




Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Sun, 04 Sep 2016 22:21:16 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 04 Sep 2016 22:21:16 GMT).


Message #28 received at 834752-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 834752-close@bugs.debian.org
Subject: Bug#834752: fixed in glibc 2.19-18+deb8u6
Date: Sun, 04 Sep 2016 22:17:18 +0000
Source: glibc
Source-Version: 2.19-18+deb8u6

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 834752@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sat, 03 Sep 2016 22:39:43 +0200
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all
Version: 2.19-18+deb8u6
Distribution: stable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 818281 832521 834752
Changes:
 glibc (2.19-18+deb8u6) stable; urgency=medium
 .
   * Update from upstream stable branch:
     - Fix backtrace hang on armel/armhf, possibly causing a minor
       denial-of-service vulnerability (CVE-2016-6323).  Closes: #834752.
     - Fix open and openat functions with O_TMPFILE.  Closes: #832521.
     - Drop debian/patches/any/cvs-ld_pointer_guard.diff (merged upstream).
     - Drop debian/patches/any/cvs-mangle-tls_dtor_list.diff (merged upstream).
     - Drop debian/patches/any/cvs-strxfrm-buffer-overflows.diff (merged
       upstream).
   * debian/patches/any/submitted-resolv-ipv6-nameservers.diff: replace by
     patch cvs-resolv-ipv6-nameservers.diff taken from upstream. This fixes
     mtr on systems using only IPv6 nameservers.  Closes: #818281.
Package-Type: udeb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 09:44:38 GMT).


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 01:53:28 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 27 Jan 2017 09:54:15 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:24:56 2019; Machine Name: beach
