Your message dated Mon, 29 Feb 2016 07:32:20 +0000
with message-id <e1aaijy-0007pp...@franck.debian.org>
and subject line Bug#812455: fixed in glibc 2.19-18+deb8u3
has caused the Debian Bug report #812455,
regarding glibc: CVE-2015-8779: Unbounded stack allocation in catopen function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
812455: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812455
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.19-18
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=17905

Hi,

the following vulnerability was published for glibc.

CVE-2015-8779[0]:
catopen() Multiple unbounded stack allocations

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8779
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=17905

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.19-18+deb8u3

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 11 Feb 2016 23:31:28 +0100
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd 
multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 
libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev 
libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg 
libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc 
libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 
libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 
libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 
libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 
libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 
libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.19-18+deb8u3
Distribution: stable-security
Urgency: medium
Maintainer: Aurelien Jarno <aure...@debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 812441 812445 812455
Changes:
 glibc (2.19-18+deb8u3) stable-security; urgency=medium
 .
   [ Aurelien Jarno ]
   * Update from upstream stable branch:
     - Fix segmentation fault caused by passing out-of-range data to strftime()
       (CVE-2015-8776).  Closes: #812445.
     - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
       Closes: #812441.
     - Fix multiple unbounded stack allocations in catopen() (CVE-2015-8779).
       Closes: #812455.
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
     stack-based buffer overflow (CVE-2015-7547).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
