Bug#865381: unblock: glibc/2.24-12
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
glibc version 2.24-12 includes an important security fix
(CVE-2017-1000366) that should probably fixed asap in buster. It
contains other changes which should have no impact on
debian-installer. Here is the full changelog:
| glibc (2.24-12) unstable; urgency=high
|
| [ Aurelien Jarno ]
| * debian/patches/git-updates.diff: update from upstream stable branch:
| - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged upstream).
| - Remove wrong assertion on parent PID in fork.
| - Fix 64-bit atomics on m68k. Closes: #855692.
| * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to
| mention that the support limitation comes from Debian and not from
| upstream. Closes: #864720.
| * debian/rules, debian/rules.d/build.mk: do not capture the build path
| when generating glibc-source tarball. Closes: #861183.
| * debian/control.in/main: build-depends on gperf. Closes: #847478.
| * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller
| to fix longjmp on hppa. Closes: #858738.
| * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default
| GCC ISA level, currently MIPS32R2/MIPS64R2.
| * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
| debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
| debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
| patches to protect the dynamic linker against stack clashes
| (CVE-2017-1000366).
| * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
| from upstream to allow usage of strcspn in ld.so.
| * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
| upstream to disable HWCAP for AT_SECURE programs.
|
| [ John Paul Adrian Glaubitz ]
| * debian/sysdeps/sh3.mk: copy from sh4.mk. Closes: #851867.
|
| -- Aurelien Jarno <aurel32@debian.org> Sun, 18 Jun 2017 20:04:53 +0200
Could you therefore please unblock this package:
unblock glibc/2.24-12
Thanks,
Aurelien
-- System Information:
Debian Release: 9.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Reply to: