CVE-2019-9169

Related Vulnerabilities: CVE-2019-9169  

Debian Bug report logs - #924612
CVE-2019-9169


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 14 Mar 2019 21:39:05 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in version glibc/2.28-8

Fixed in version glibc/2.28-9

Done: Aurelien Jarno <aurel32@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=24114



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>:
Bug#924612; Package src:glibc. (Thu, 14 Mar 2019 21:39:07 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, GNU Libc Maintainers <debian-glibc@lists.debian.org>. (Thu, 14 Mar 2019 21:39:07 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2019-9169
Date: Thu, 14 Mar 2019 22:37:53 +0100
Source: glibc
Severity: important
Tags: security

Please see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
https://sourceware.org/bugzilla/show_bug.cgi?id=24114
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b833037175247230a328f0050dbfe9

Cheers,
        Moritz
				



Set Bug forwarded-to-address to 'https://sourceware.org/bugzilla/show_bug.cgi?id=24114'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 Mar 2019 22:33:09 GMT)


Marked as found in versions glibc/2.28-8. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Mar 2019 21:39:04 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 15 Mar 2019 21:39:06 GMT)


Message sent on to Moritz Muehlenhoff <jmm@debian.org>:
Bug#924612. (Sun, 17 Mar 2019 09:33:09 GMT)


Message #14 received at 924612-submitter@bugs.debian.org:

From: Aurelien Jarno <noreply@salsa.debian.org>
To: 924612-submitter@bugs.debian.org
Subject: Bug #924612 in glibc marked as pending
Date: Sun, 17 Mar 2019 09:29:33 +0000
Control: tag -1 pending

Hello,

Bug #924612 in glibc reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/glibc-team/glibc/commit/fc73ed51f91c42b330942d777736ad40739347db

------------------------------------------------------------------------
debian/patches/git-updates.diff: update from upstream stable branch:

* debian/patches/git-updates.diff: update from upstream stable branch:
  - Fix heap-based buffer over-read in regular-expression matching
    (CVE-2019-9169).  Closes: #924612.
------------------------------------------------------------------------

(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/924612



Added tag(s) pending. Request was from Aurelien Jarno <noreply@salsa.debian.org> to 924612-submitter@bugs.debian.org. (Sun, 17 Mar 2019 09:33:09 GMT)


Added tag(s) fixed-upstream. Request was from debian-bts-link@lists.debian.org to control@bugs.debian.org. (Mon, 25 Mar 2019 19:45:27 GMT)


Reply sent to Aurelien Jarno <aurel32@debian.org>:
You have taken responsibility. (Thu, 25 Apr 2019 22:51:06 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 25 Apr 2019 22:51:07 GMT)


Message #23 received at 924612-close@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: 924612-close@bugs.debian.org
Subject: Bug#924612: fixed in glibc 2.28-9
Date: Thu, 25 Apr 2019 22:49:47 +0000
Source: glibc
Source-Version: 2.28-9

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 924612@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 25 Apr 2019 21:12:03 +0200
Source: glibc
Architecture: source
Version: 2.28-9
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 924612 927914
Changes:
 glibc (2.28-9) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix heap-based buffer over-read in regular-expression matching
       (CVE-2019-9169).  Closes: #924612.
     - Add entry for the new Japanese era to the ja_JP locale.  Closes:
       #927914.
 .
   [ Adam Conrad ]
   * debian/patches/arm/unsubmitted-ldso-abi-check.diff: Fix rtld segv in
     dl_open() introduced via merge with upstream at 2.28 (LP: #1821677)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 24 May 2019 07:25:38 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:51:24 2019; Machine Name: buxtehude


Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.