On Mon, Mar 22, 2010 at 06:55:00PM +0100, Lukas Kolbe wrote:
> Package: nscd
> Version: 2.7-18lenny2
> Severity: grave
>
> Hi,
>
> on all (?) our servers we see repeated crashes of nscd:
>
> [ 3687.306397] nscd[3340]: segfault at 10 ip 7f6b22ce3685 sp
> 7fffc977bb60 error 6 in nscd[7f6b
On Thu, Jul 29, 2010 at 10:30:51AM +0200, Lukas Kolbe wrote:
> Hi again,
>
> > I'm currently setting up a similar test environment with Lenny
> > and Squeeze to see if I can reproduce it.
> >
> > nscd has configuration options to force a continuous restart, see
> > the options "paranoia" and "res
On Fri, Jul 30, 2010 at 10:59:35AM +0200, Lukas Kolbe wrote:
> On Thursday, 29.07.2010, at 21:00 -0400, Moritz Muehlenhoff wrote:
I couldn't test a bigger LDAP setup with sid during DebConf, since my
notebook turned out to be too short of memory for such a setup inside
virtualbox.
Package: eglibc
Severity: wishlist
Currently Debian provides a separate source package libnss-db, which
includes an old, outdated copy of the Berkeley DB NSS modules, which
are actually included in glibc/eglibc.
Please build the NSS modules from the eglibc source package, so that
it replaces libns
On Thu, Aug 07, 2008 at 07:25:37AM +, Aurelien Jarno wrote:
> # Automatically generated email from bts, devscripts version 2.9.26
> tags 492778 + pending
What's the status? This is marked pending for nearly two months now.
Is there any way people can help to resolve this?
Cheers,
Mor
Source: glibc
Severity: important
Tags: security
Hi,
two security issues are currently open in jessie:
CVE-2014-9402:
Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
Fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f80af76648ed97a76745fad6caa3315a79cb1c7c
CVE-2014-7817:
https
Package: glibc
Severity: grave
Tags: security
Justification: user security hole
Hi,
please see https://sourceware.org/bugzilla/show_bug.cgi?id=16618
The patch is here:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
This was introduced by
https://sou
retitle: glibc: CVE-2015-1472 CVE-2015-1473
thanks
On Fri, Feb 06, 2015 at 08:43:37AM +0100, Moritz Muehlenhoff wrote:
> please see https://sourceware.org/bugzilla/show_bug.cgi?id=16618
> The patch is here:
> https://sourceware.org/git/gitweb.cgi?p=gl
Package: glibc
Severity: important
Tags: security
Hi,
these three new security issues are unfixed in jessie/sid:
1. Unexpected closing of nss_files databases after
lookups causes denial of service (CVE-2014-8121):
Patch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8121
(fix not yet merg
Source: glibc
Severity: important
Tags: security
Hi,
please see https://sourceware.org/bugzilla/show_bug.cgi?id=18287
Fix:
https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386
Cheers,
Moritz
Source: glibc
Severity: important
Tags: security
Please see https://sourceware.org/bugzilla/show_bug.cgi?id=18784
for details. Unfixed upstream ATM.
Cheers,
Moritz
Source: glibc
Severity: important
Tags: security
This was assigned CVE-2015-5277:
https://sourceware.org/bugzilla/show_bug.cgi?id=17079
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=ac60763eac3d43b7234dd21286ad3ec3f17957fc
Cheers,
Moritz
Package: glibc
Severity: important
Tags: security
Justification: user security hole
Please see http://www.openwall.com/lists/oss-security/2015/09/05/8
for details.
Cheers,
Moritz
On Thu, Feb 04, 2010 at 01:02:32PM +0100, Aurelien Jarno wrote:
> Deng Xiyue wrote:
> > On Tue, Jan 26, 2010 at 05:44:53PM +0100, Aurelien Jarno wrote:
> >> Sven Joachim wrote:
> >>> [ Putting the glibc maintainers and the mips porters into the loop.
> >>> Summary: emacs23-nox aborts with m
Package: eglibc
Severity: important
Tags: security
This was only recently assigned a CVE ID, but since the initial
discussion was from 2009, this is a CVE-2009-* ID.
There's an integer overflow in tzfile processing, please see
the Red Hat bugzilla for more descriptions and links to
the glibc upst
Package: eglibc
Severity: important
Please enable hardened build flags through dpkg-buildflags
for the userspace tools like nscd and libc6-bin.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...
Package: eglibc
Severity: important
Tags: security
Please see http://sourceware.org/bugzilla/show_bug.cgi?id=13656
Current proposed patch:
http://sourceware.org/ml/libc-alpha/2012-02/msg00073.html
Could you also merge this in the Squeeze branch once a final fix is
available?
Cheers,
Mor
Package: eglibc
Severity: important
Tags: security
There was a security issue in RPC handling, which is unfixed in Squeeze
and sid:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4609
The Bugzilla entry has a fix for glibc. I'm attaching an eglibc version
of that patch from Ubuntu to this bu
Package: eglibc
Severity: important
Tags: security
This appears to be still unfixed in sid:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1658
These fixes were made for glibc:
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=96611391
http://sourceware.org/git/?p=glibc.git;a=commitdiff
Package: eglibc
Severity: important
Tags: security
Hi,
please see http://www.openwall.com/lists/oss-security/2012/07/11/17 for details
and references to upstream patches.
The security impact is rather low IMO; if the format strings are under control
of an attacker, this opens a whole can of worms
Package: eglibc
Severity: grave
Tags: security
Justification: user security hole
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3480
for more details.
Cheers,
Moritz
Package: eglibc
Severity: important
Tags: security
Justification: user security hole
Please see
http://www.openwall.com/lists/oss-security/2012/09/07/9
http://sourceware.org/bugzilla/show_bug.cgi?id=14547
Cheers,
Moritz
Package: eglibc
Severity: important
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4424
There's no fix upstream yet:
http://sourceware.org/bugzilla/show_bug.cgi?id=14547
http://sourceware.org/bugzilla/show_bug.cgi?id=14552
Cheers,
Moritz
Package: eglibc
Severity: important
Tags: security
Please see http://hmarco.org/bugs/CVE-2013-4788.html for details.
Cheers,
Moritz
Package: libc-bin
Severity: important
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2207
Package: eglibc
Severity: important
Tags: security
This was assigned CVE-2013-4237:
http://sourceware.org/bugzilla/show_bug.cgi?id=14699
Cheers,
Moritz
On Tue, Aug 13, 2013 at 07:05:49AM +0200, Moritz Muehlenhoff wrote:
> Package: eglibc
> Severity: important
> Tags: security
>
> This was assigned CVE-2013-4237:
> http://sourceware.org/bugzilla/show_bug.cgi?id=14699
Fixed upstream in glibc:
http://sourceware.org/git/gitweb
Package: eglibc
Severity: grave
Tags: security
Justification: user security hole
These three were assigned CVE-2013-4332. The respective glibc fixes are linked
in the bugs:
https://sourceware.org/bugzilla/show_bug.cgi?id=15855
https://sourceware.org/bugzilla/show_bug.cgi?id=15856
https://sourcew
Source: glibc
Severity: important
Please see this blog posting from Chris Evans:
https://scarybeastsecurity.blogspot.com/2017/05/further-hardening-glibc-malloc-against.html
Upstream fix is here:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=17f487b7afa7cd6c316040f3e6c86dc96b2eec30
Could
Package: libc6
Version: 2.24-17
Severity: important
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671:
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before
2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when
pr
Package: libc6
Version: 2.24-17
Severity: important
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670:
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one
error leading to a heap-based buffer overflow in the glob function in
glob.c, relate
On Fri, Jun 04, 2021 at 08:34:50PM +0200, Florian Weimer wrote:
> * Moritz Mühlenhoff:
>
> > On Wed, Sep 09, 2020 at 12:30:44PM +0200, Aurelien Jarno wrote:
> >> control: forcemerge 967938 969926
> >>
> >> Hi,
> >>
> >> On 2020-09-09 02:58, Bernd Zeimetz wrote:
> >> > Source: glibc
> >> > Versi
Source: glibc
Severity: important
Tags: security
This was assigned CVE-2018-11237:
https://sourceware.org/bugzilla/show_bug.cgi?id=23196
Cheers,
Moritz
Source: glibc
Severity: important
Tags: security
This has been assigned CVE-2018-11236:
https://sourceware.org/bugzilla/show_bug.cgi?id=22786
Patch is here:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
Cheers,
Moritz
Source: glibc
Severity: important
Tags: security
Please see
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34140
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34142
https://sourceware.org/bugzilla/show_bug.cgi?id=24114
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=583dd860d5b83303717
Source: glibc
Severity: important
Please see
https://sourceware.org/bugzilla/show_bug.cgi?id=25620
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
Cheers,
Moritz