Your message dated Sun, 12 May 2013 18:17:56 +0000
with message-id <e1ubaqk-0004go...@franck.debian.org>
and subject line Bug#704623: fixed in eglibc 2.17-2
has caused the Debian Bug report #704623,
regarding eglibc: CVE-2013-1914: getaddrinfo() stack overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
704623: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704623
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: eglibc
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for eglibc.
CVE-2013-1914[0]:
getaddrinfo() stack overflow
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914
http://security-tracker.debian.org/tracker/CVE-2013-1914
[1] https://bugzilla.novell.com/show_bug.cgi?id=813121
[2] http://marc.info/?l=oss-security&m=136498744329621&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.17-2
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 704...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 12 May 2013 16:46:17 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd
multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb
libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3
libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1
libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386
libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390
libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc
libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32
libc6-mips64 libc6-dev-mips64 libc6-armhf libc6-dev-armhf libc6-armel
libc6-dev-armel libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32
libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67
libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all kfreebsd-i386
Version: 2.17-2
Distribution: unstable
Urgency: low
Maintainer: Aurelien Jarno <aure...@debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
eglibc-source - Embedded GNU C Library: sources
glibc-doc - Embedded GNU C Library: Documentation
libc-bin - Embedded GNU C Library: Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries
libc0.1 - Embedded GNU C Library: Shared libraries
libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - Embedded GNU C Library: PIC archive library
libc0.1-prof - Embedded GNU C Library: Profiling Libraries
libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - Embedded GNU C Library: Shared libraries
libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - Embedded GNU C Library: PIC archive library
libc0.3-prof - Embedded GNU C Library: Profiling Libraries
libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6 - Embedded GNU C Library: Shared libraries
libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
libc6-armel - Embedded GNU C Library: ARM softfp shared libraries for armhf
libc6-armhf - Embedded GNU C Library: ARM hard float shared libraries for armel
libc6-dbg - Embedded GNU C Library: detached debugging symbols
libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-armel - Embedded GNU C Library: ARM softfp development libraries for armh
libc6-dev-armhf - Embedded GNU C Library: ARM hard float development libraries for
libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
libc6-dev-x32 - Embedded GNU C Library: X32 ABI Development Libraries for AMD64
libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - Embedded GNU C Library: PIC archive library
libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - Embedded GNU C Library: Profiling Libraries
libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc6-x32 - Embedded GNU C Library: X32 ABI Shared libraries for AMD64
libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6.1 - Embedded GNU C Library: Shared libraries
libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6.1-pic - Embedded GNU C Library: PIC archive library
libc6.1-prof - Embedded GNU C Library: Profiling Libraries
libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
locales - Embedded GNU C Library: National Language (locale) data [support]
locales-all - Embedded GNU C Library: Precompiled locale data
multiarch-support - Transitional package to ensure multiarch compatibility
nscd - Embedded GNU C Library: Name Service Cache Daemon
Closes: 631242 695077 699399 704623 707091 707802 707813
Changes:
eglibc (2.17-2) unstable; urgency=low
.
  [ Adam Conrad ]
  * debian/patches/any/unsubmitted-cloexec-conditional.diff: Catch yet
    another unconditional O_CLOEXEC and conditionalize it for freebsd.
  * debian/patches/kfreebsd/local-HAVE_TLS_SUPPORT.diff: Removed, as
    this is no longer needed by the updated glibc-bsd sysdeps upstream.
  * debian/patches/any/cvs-regexp-overrun.diff: Backport patch from git
    to resolve regex matcher overrun, CVE-2013-0242 (Closes: #699399)
  * debian/sysdeps/ia64.mk, debian/control: Switch ia64 back to gcc-4.6,
    as our world explodes when compiled with gcc-4.7 on ia64 right now.
.
  [ Aurelien Jarno ]
  * patches/any/cvs-sys-param-h-DEV_BSIZE.diff: New patch to fix
    conflict with kFreeBSD kernel headers.
  * patches/kfreebsd/local-linuxthreads-TLS-THREAD.diff: New patch to remove
    conditional defines on USE___THREAD and HAVE_TLS_SUPPORT.
  * patches/kfreebsd/local-linuxthreads-mutex-initializer.diff: New patch to
    define MUTEX_INITIALIZER.
  * Japanese debconf translation update from Nobuhiro Iwamatsu.
    closes: #695077.
  * patches/any/cvs-getaddrinfo-stack-overflow.diff: New patch to fix
    a stack overflow in getaddrinfo(), CVE-2013-1914. Closes: #704623.
  * patches/any/local-missing-linux_types.h.diff: Drop, not needed anymore.
  * local/manpages/ld.so.8: drop --ignore-rpath documentation. Closes:
    #707802.
  * patches/all/local-ldd.diff: check if the dynamic linker works before
    using it. Closes: #631242, #707091.
  * patches/kfreebsd/local-scripts.diff: remove dynamic linker name, now
    handled by abi-variants.
  * debian/control.in/main: remove ${misc:Depends} from libc Depends: field to
    not get a dependency on debconf. Closes: #707813.
  * patches/localedata/submitted-locale-bo.diff: New patch to fix bo_IN and
    bo_CN locales, causing localedef to fail and localechooser to FTBFS.
.
  [ Petr Salinger ]
  * patches/kfreebsd/local-linuxthreads-initfini.diff: follow upstream
    changes in startup code
  * patches/kfreebsd/local-no-pldd.diff: pldd is linux only utility
  * patches/kfreebsd/local-nscd-nosendfile-fix.diff: handle system without
    sendfile syscall
  * patches/kfreebsd/local-linuxthreads-stackguard.diff: handle elf subdir
    removal
  * patches/kfreebsd/local-freopen.diff: support architecture without dup3()
  * patches/kfreebsd/local-linuxthreads-ctype_init.diff: follow upstream
    changes in ctype initialization
  * re-enable lost any/local-linuxthreads-XPG7.diff
    any/local-linuxthreads-setclock.diff
  * drop obsolete any/local-linuxthreads-unwind.diff
    any/local-linuxthreads-lowlevellock.diff
  * kfreebsd/local-sysdeps.diff: update to revision 4431 (from glibc-bsd).
  * Add into testsuite-checking/expected-results-*-kfreebsd-gnu-*
    tst-timer5 test and new tst-backtrace[4-6] tests that are known to fail.
  * raise version dependency on g++-4.7 (>= 4.7.3-4) [kfreebsd-amd64] due to
    multilib problems in earlier versions
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/kFreeBSD)
iD8DBQFRj8FZw3ao2vG823MRAtpGAJsH4IGeI4Y9N2BL7kQCFj2p1LRpFwCfcdKk
zw1N8ubRw+HCGGJwMLrEqOk=
=6WbJ
-----END PGP SIGNATURE-----
--- End Message ---