Your message dated Sun, 03 Jun 2012 21:18:29 +0000
with message-id <e1sbibx-0004gx...@franck.debian.org>
and subject line Bug#672119: fixed in eglibc 2.13-33
has caused the Debian Bug report #672119,
regarding CVE-2011-1658
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
672119: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672119
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: eglibc
Severity: important
Tags: security
This appears to be still unfixed in sid:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1658
These fixes were made for glibc:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=96611391
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=101fdc24
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=049b59f7
This appears to have been merged into eglibc with this commit:
http://www.eglibc.org/cgi-bin/viewvc.cgi?view=rev&revision=13801
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.13-33
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:
eglibc-source_2.13-33_all.deb
to main/e/eglibc/eglibc-source_2.13-33_all.deb
eglibc_2.13-33.diff.gz
to main/e/eglibc/eglibc_2.13-33.diff.gz
eglibc_2.13-33.dsc
to main/e/eglibc/eglibc_2.13-33.dsc
glibc-doc_2.13-33_all.deb
to main/e/eglibc/glibc-doc_2.13-33_all.deb
libc-bin_2.13-33_amd64.deb
to main/e/eglibc/libc-bin_2.13-33_amd64.deb
libc-dev-bin_2.13-33_amd64.deb
to main/e/eglibc/libc-dev-bin_2.13-33_amd64.deb
libc6-dbg_2.13-33_amd64.deb
to main/e/eglibc/libc6-dbg_2.13-33_amd64.deb
libc6-dev-i386_2.13-33_amd64.deb
to main/e/eglibc/libc6-dev-i386_2.13-33_amd64.deb
libc6-dev_2.13-33_amd64.deb
to main/e/eglibc/libc6-dev_2.13-33_amd64.deb
libc6-i386_2.13-33_amd64.deb
to main/e/eglibc/libc6-i386_2.13-33_amd64.deb
libc6-pic_2.13-33_amd64.deb
to main/e/eglibc/libc6-pic_2.13-33_amd64.deb
libc6-prof_2.13-33_amd64.deb
to main/e/eglibc/libc6-prof_2.13-33_amd64.deb
libc6-udeb_2.13-33_amd64.udeb
to main/e/eglibc/libc6-udeb_2.13-33_amd64.udeb
libc6_2.13-33_amd64.deb
to main/e/eglibc/libc6_2.13-33_amd64.deb
libnss-dns-udeb_2.13-33_amd64.udeb
to main/e/eglibc/libnss-dns-udeb_2.13-33_amd64.udeb
libnss-files-udeb_2.13-33_amd64.udeb
to main/e/eglibc/libnss-files-udeb_2.13-33_amd64.udeb
locales-all_2.13-33_amd64.deb
to main/e/eglibc/locales-all_2.13-33_amd64.deb
locales_2.13-33_all.deb
to main/e/eglibc/locales_2.13-33_all.deb
multiarch-support_2.13-33_amd64.deb
to main/e/eglibc/multiarch-support_2.13-33_amd64.deb
nscd_2.13-33_amd64.deb
to main/e/eglibc/nscd_2.13-33_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 672...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 03 Jun 2012 21:38:54 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd
multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb
libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3
libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1
libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386
libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390
libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc
libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32
libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686
libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67
libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.13-33
Distribution: unstable
Urgency: medium
Maintainer: Aurelien Jarno <aure...@debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
eglibc-source - Embedded GNU C Library: sources
glibc-doc - Embedded GNU C Library: Documentation
libc-bin - Embedded GNU C Library: Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries
libc0.1 - Embedded GNU C Library: Shared libraries
libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for
AMD64
libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - Embedded GNU C Library: PIC archive library
libc0.1-prof - Embedded GNU C Library: Profiling Libraries
libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - Embedded GNU C Library: Shared libraries
libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - Embedded GNU C Library: PIC archive library
libc0.3-prof - Embedded GNU C Library: Profiling Libraries
libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6 - Embedded GNU C Library: Shared libraries
libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - Embedded GNU C Library: detached debugging symbols
libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for
MIPS64
libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for
MIPS64
libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development
libraries for p
libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for
PowerPC64
libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM
zSeri
libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM
zSeri
libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for
UltraSPAR
libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F
optimized)
libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - Embedded GNU C Library: PIC archive library
libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for
ppc64
libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - Embedded GNU C Library: Profiling Libraries
libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6.1 - Embedded GNU C Library: Shared libraries
libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6.1-pic - Embedded GNU C Library: PIC archive library
libc6.1-prof - Embedded GNU C Library: Profiling Libraries
libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
locales - Embedded GNU C Library: National Language (locale) data [support]
locales-all - Embedded GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - Embedded GNU C Library: Name Service Cache Daemon
Closes: 666760 671299 671478 672119 672688 673271 673339 673711 673933 674072
674602 674645 674954 675606
Changes:
eglibc (2.13-33) unstable; urgency=medium
.
[ Clint Adams ]
* patches/localedata/cvs-rupeesign.diff: use new rupee symbol
in Indian locales, thanks to Prema. closes: #671299.
.
[ Samuel Thibault ]
* patches/hurd-i386/tg-{IPV6_PKTINFO,SOL_IP,____longjmp_chk,catch-signal,
critical-sections,dl-sysdep.c_SHARED,dup3,ioctl-decode-argument,
itimer-lock,libc_stack_end,mach-nanosleep,mkdir_root,mlock,null-pathname,
posix2008,posix_opt.h,readlinkat,hurd-recvfrom,sbrk,select-inputcheck,
setresid,hurd_socket_server_indexcheck,strtoul_PLT,struct_stat,
dup3-lock}.diff: Refresh with upstream version and rename to cvs.
* patches/hurd-i386/cvs-O_CLOEXEC.diff: New patch to accept use of O_CLOEXEC
in rtld.
* patches/hurd-i386/submitted-getgroups.diff: New patch from Pino to reject
some out of range values.
* patches/hurd-i386/submitted-getlogin_r.diff: New patch from Pino to fix
re-entrancy of getlogin_r and return ERANGE when the provided buffer is
too small.
* patches/hurd-i386/submitted-ptsname.diff: New patch from Pino to fix
buffer checks in ptsname.
* patches/hurd-i386/tg-hooks.diff: Add rules to sort _hurd_fork_locks.
* patches/hurd-i386/submitted-sendto.diff: New patch from Pino to fix
sendto() calls with NULL addr.
* control/{main,libc}: Remove libpthread-stubs-dev dependency on hurd-i386.
* patches/hurd-i386/libpthread.diff: Add -lrt in libpthread.a to fix static
linking.
* patches/hurd-i386/tg-chflags.diff: New patch to fix and add f?chflags
prototype.
* patches/hurd-i386/submitted-exec_filename.diff: New patch to pass argv[0]
through exec, to fix some shell scripts, e.g. glib testsuite.
* control.in/main: build-depend on newer hurd package to be able to pass
argv[0] through exec.
* libc0.3.symbols.hurd-i386: Add symbols for RPCs for argv[0] through exec.
.
[ Petr Salinger ]
* kfreebsd/local-sysdeps.diff: update to revision 4286 (from glibc-bsd).
* fixup any/local-linuxthreads-setclock.diff. Closes: #673711.
.
[ Aurelien Jarno ]
* debian/control.in/main: set glibc-doc as Multiarch: foreign.
Closes: #674645.
* Update Portuguese debconf translation, by Pedro Ribeiro. Closes: #674954.
* patches/arm/unsubmitted-ldso-abi-check.diff: fix broken armhf specific
hack. Closes: #674602.
* patches/any/cvs-regex.diff: fix access after end of search string in regex
matcher. Closes: #672688.
* patches/any/cvs-getpwuid-nsswitch.diff: fix a memory leak in
getpwuid/nsswitch.c. Closes: #674072.
* patches/localedata/submitted-es_MX-decimal_point.diff: fix
decimal_point and thousands_sep. Closes: #673339.
* patches/any/local-sunrpc-dos.diff: fix a DoS in RPC implementation
(CVE-2011-4609). Closes: #671478.
* patches/kfreebsd/local-use-thr-primitives.diff: bump LinuxThreads
version. Closes: #675606.
* Take-over nsswitch.conf installation from base-files. Closes:
#673271.
* Set libc*-dev "Multi-Arch: same". Add conflicts betwwen libc*-dev
packages. Move a.out.h and ieee754.h to the arch qualified path.
Thanks to Thibaut Girka for the help. Closes: #666760.
* Add patches/any/cvs-ld.so-rpath-origin.diff to fix an insecure handling
of privileged programs' RPATHs with $ORIGIN (CVE-2011-1658). Closes:
#672119.
* Refresh all patches to loose the "diff --git" headers. Closes:
#673933.
Checksums-Sha1:
fcb0e3e3244a0194637fff3bb23895aea93e1c2c 4681 eglibc_2.13-33.dsc
069e63968fdd5135c99b9e3b3932bffa36a4ec2b 1959365 eglibc_2.13-33.diff.gz
72b3d8f75e52894cb9d727b996f74a8db3641b7a 1894732 glibc-doc_2.13-33_all.deb
aefc31f23693297c370c9163aabb4ff6074578ea 13399450 eglibc-source_2.13-33_all.deb
d8e32a903c3985409f67e209a3cd607601eb6ab8 5711570 locales_2.13-33_all.deb
8e5c23fe1df7b49f2a9b4639cf68c765afe37114 4343444 libc6_2.13-33_amd64.deb
10c781421ce91ae90d2aad4596732898d7c62aa0 2650218 libc6-dev_2.13-33_amd64.deb
16e9c9ceabef646ab482da46fce074960c4714ef 2091802 libc6-prof_2.13-33_amd64.deb
4fba76c677902382111bf6bdb64a5210707f1044 1596314 libc6-pic_2.13-33_amd64.deb
9fd6a287fd3d15f7fe2c23c3aa6e3435c2a3bbd6 1266334 libc-bin_2.13-33_amd64.deb
8d4b2f4bda054c6177f57d1e7d968dc304f50b16 224144 libc-dev-bin_2.13-33_amd64.deb
27a57855f5e8ede20f646eb8f6ca7bde1a51583b 148152
multiarch-support_2.13-33_amd64.deb
809a6e5f154627759cf625ad2db2313025a8bc1b 3264740 locales-all_2.13-33_amd64.deb
be6529b40564334ffcb40b5711c0b16546068f7c 4024166 libc6-i386_2.13-33_amd64.deb
411b23e98c371fd9bd854e3c7a40fb095b40dbac 1574690
libc6-dev-i386_2.13-33_amd64.deb
8fc5ffed88e27dee96bb9727e8beca50973ce09b 210860 nscd_2.13-33_amd64.deb
a6412b3db136362ea72d100c3877aab2876179e4 2573842 libc6-dbg_2.13-33_amd64.deb
707412b698f912a4f4dd418376c16a5a50b029c9 935562 libc6-udeb_2.13-33_amd64.udeb
85ff300ef8427bf614e1e8acc2b24ec84659dd38 10192
libnss-dns-udeb_2.13-33_amd64.udeb
0b17b23a32b1a73c2e61d31021a2446a03ee760a 16058
libnss-files-udeb_2.13-33_amd64.udeb
Checksums-Sha256:
2455da17d35312b5a64313928a69f6209c83015a5b5a8bba2f6023b9443f3ad0 4681
eglibc_2.13-33.dsc
5a6cac6d647643ad877bf84a315824e4717fa915251e2e8543bf40f58842a268 1959365
eglibc_2.13-33.diff.gz
d9240bc0cb670d1b7fb2f5fab4f729ed5212444838b8c545f3a089ccddd4077e 1894732
glibc-doc_2.13-33_all.deb
1006173cf0fb918f5c5460839803a534b5fe0dfaae0b5622758e211d0febda2c 13399450
eglibc-source_2.13-33_all.deb
e33fbf78bd76510df5dda64f013918bbcf00926dbfd48f1154158961ef2e904d 5711570
locales_2.13-33_all.deb
f07b07ba18c16dd907c2740f5a6f6dede219fedf413ebd2ff4da6ca1dc4b197d 4343444
libc6_2.13-33_amd64.deb
e83185ce27ec6d01adc87d9670069b25b594adafabd63ea33ea5f52849caf50d 2650218
libc6-dev_2.13-33_amd64.deb
c567464a33b1f2377ceac28431246fc66b2590d1f385829d627d39b106dcf484 2091802
libc6-prof_2.13-33_amd64.deb
46d31da480b23b40ab218b64e4fde95b729a6f1c8f652c83151880821b0daacf 1596314
libc6-pic_2.13-33_amd64.deb
7475d4112b24145ae1ac88d98175d026f4d2bb5cc6f04ba2a1f2d1d7648a0a40 1266334
libc-bin_2.13-33_amd64.deb
c27e8c2f677a7a83fd6cc483f875ec530836cab1d0b8d09e65507d673057df76 224144
libc-dev-bin_2.13-33_amd64.deb
44bf03aac27e38bff537805c66086b740960ea5b65b75e5813126120cc9f5042 148152
multiarch-support_2.13-33_amd64.deb
7a7443cd4243bc92f3f29dd7d483b1c5ca0534295437204aac1a8202a1d92b17 3264740
locales-all_2.13-33_amd64.deb
50407ace6c072442f488a758da464262bb49620bd64e4b86db152c7ac03c414b 4024166
libc6-i386_2.13-33_amd64.deb
6e14a2c396625489bfe2de5cba6e26ee25d751f5d37f56950f1d4abebc9116b0 1574690
libc6-dev-i386_2.13-33_amd64.deb
7966b5a763a250b5a0f5b524244c8b76d285c34721595d67212698e27a827e11 210860
nscd_2.13-33_amd64.deb
11964d020a9b08c604114233f095aa1cf0247146c5043d674f9ea0be8589803f 2573842
libc6-dbg_2.13-33_amd64.deb
6dcb7e2eb6b10f13ebe5357dce0e02f0ee54837c34f8f1c38e316065bfd82735 935562
libc6-udeb_2.13-33_amd64.udeb
68d7f5d167233161af2f33416b5ad73813234d2a3a3728a7de5b387557727b77 10192
libnss-dns-udeb_2.13-33_amd64.udeb
2e77b763de4bba1a1072f21c61c7b994303723c07dfdd361f9605dbdad89a3e4 16058
libnss-files-udeb_2.13-33_amd64.udeb
Files:
a5a03901f33c7ca995cd0ec5468f132e 4681 libs required eglibc_2.13-33.dsc
be95ce8d8ab8247007374e808e432d84 1959365 libs required eglibc_2.13-33.diff.gz
87d4bc802bdbad0bb9ee5ce145b730ed 1894732 doc optional glibc-doc_2.13-33_all.deb
a5a34333d3e4f4fc82baa7475a065cea 13399450 devel optional
eglibc-source_2.13-33_all.deb
fffc565fb4f969b5e0d6b577d31bd814 5711570 localization standard
locales_2.13-33_all.deb
1d0123c793716dd88e25cca6635c5782 4343444 libs required libc6_2.13-33_amd64.deb
fdb880e71ef79a589b5b840f8353178f 2650218 libdevel optional
libc6-dev_2.13-33_amd64.deb
4d12c851a26cdc86ecf7c6a975b50f19 2091802 libdevel extra
libc6-prof_2.13-33_amd64.deb
87638a908e646fdc67f2a7dc8876c015 1596314 libdevel optional
libc6-pic_2.13-33_amd64.deb
b444ae7c5f9f985d4d2f5e04f1dc2b3b 1266334 libs required
libc-bin_2.13-33_amd64.deb
9e6278ea61e6a432f648904227bf0740 224144 libdevel optional
libc-dev-bin_2.13-33_amd64.deb
b2519e9779b721f7e44dcc3edfb5c71f 148152 libs standard
multiarch-support_2.13-33_amd64.deb
72686e979af5fbc0b291257d7b8c34c7 3264740 localization extra
locales-all_2.13-33_amd64.deb
bca90bc724850868f91b41fd91d3b42d 4024166 libs optional
libc6-i386_2.13-33_amd64.deb
22c4cdf80174822f08d44ed87e4b039e 1574690 libdevel optional
libc6-dev-i386_2.13-33_amd64.deb
089c915f11554902b96a6d8508820358 210860 admin optional nscd_2.13-33_amd64.deb
8d143d9ecc3a79c9d7ee6fdea1d82cfe 2573842 debug extra
libc6-dbg_2.13-33_amd64.deb
47e4ebb5baad5f12502f45b178fc2288 935562 debian-installer extra
libc6-udeb_2.13-33_amd64.udeb
abbca05ad0ec8893c0c4bc98f13377dc 10192 debian-installer extra
libnss-dns-udeb_2.13-33_amd64.udeb
d5608a9bdf7c0c0e001e0d7d9b4afe08 16058 debian-installer extra
libnss-files-udeb_2.13-33_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFPy80Tw3ao2vG823MRAqBMAJwNt7ml+JHqEfp0AbD0oqafiJVpcgCeNEtW
JSf9G6M9/fbtWszaU4wERR4=
=m/kC
-----END PGP SIGNATURE-----
--- End Message ---
