On 2016-08-28 14:59, Adam D. Barratt wrote: > On Fri, 2016-08-19 at 11:23 +0200, Aurelien Jarno wrote: > > On 2016-08-15 15:29, Aurelien Jarno wrote: > [...] > > > I would like to upload a new glibc package for the next jessie release. > > > > In the meantime a new security issue (CVE-2016-6323) has been found and > > backported to the upstream 2.19 stable branch. I would like to also > > include this change into the jessie upload. You will find updated diff > > and debdiff attached. > > The Security Tracker suggests that the issue applies to glibc in > unstable and is not yet fixed there; is that correct? This is indeed correct. This fix is in our git tree ready for the 2.24-1 upload, but it hasn't happened yet as we are waiting for a transition slot (see #834855). The changes itself is relatively small and self contained. See: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617 Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurelien@aurel32.net http://www.aurel32.net
Attachment:
signature.asc
Description: PGP signature