On 2017-04-23 21:18, Adam D. Barratt wrote: > On Thu, 2017-04-13 at 23:19 +0200, Aurelien Jarno wrote: > > I would like to upload a new glibc package for the next jessie release. > > Here is the changelog with some additional comment: > > > > * Update from upstream stable branch: > > - Fix PowerPC sqrt inaccuracy. Closes: #855606. > > > > This fixes a regression introduced in glibc 2.19-18+deb8u7, which > > slightly lower the precision of the sqrt function on PowerPC. This > > notably causes failures in the postgresql testsuite. This code is > > already present in stretch/sid. > > > > * patches/any/cvs-resolv-internal-qtype.diff: patch from upstream to fix a > > NULL pointer dereference in libresolv when receiving a T_UNSPEC internal > > QTYPE (CVE-2015-5180). Closes: #796106. > > > > This is a long standing security issue that has been fixed recently. > > It basically change the value of a constant so that it can't only be > > generated internally. The patch is already present in stretch/sid. > > While I doubt that either of the above should have any noticeable effect > on the installer, I'd appreciate a d-i ack in any case; CCing. As said on IRC, I have been pointed that the second patch actually breaks the breaks libnss/libnss-dns ABI. This means that the resolver might not work correctly if all the binaries using libnss are restarted. The same way there might be an issue on the d-i side if the libc in d-i and libnss-dns-udeb are out of sync. Therefore I'll do a new upload without the patch fixing CVE-2015-5180, leaving only the PowerPC fix. That should be either today or tomorrow. Sorry about this complication. Regards, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurelien@aurel32.net http://www.aurel32.net
Attachment:
signature.asc
Description: PGP signature