
Bug#681888: marked as done (CVE-2012-3406: glibc formatted printing vulnerabilities)



Your message dated Sun, 01 Feb 2015 10:04:29 +0000
with message-id <E1YHrOH-0005Zr-Jq@franck.debian.org>
and subject line Bug#681888: fixed in glibc 2.19-14
has caused the Debian Bug report #681888,
regarding CVE-2012-3406: glibc formatted printing vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
681888: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681888
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: eglibc
Severity: important
Tags: security

Hi,
please see http://www.openwall.com/lists/oss-security/2012/07/11/17 for details
and references to upstream patches.

The security impact is rather low IMO; if the format strings are under control
of an attacker, this opens a whole can of worms anyway.

Still, it would be nice to get these fixed for Wheezy and for Squeeze in a point
update.

Cheers,
        Moritz



--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.19-14

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 681888@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 01 Feb 2015 00:32:31 +0100
Source: glibc
Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.19-14
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - GNU C Library: Shared libraries [Xen version]
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 681888 763705 775572
Changes:
 glibc (2.19-14) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/libpthread_spin-lock.diff: New patch to fix spin-lock.h
     inclusion order.
   * patches/hurd-i386/tg-WRLCK-upgrade.diff: New patch to fix atomicity of
     changing between rd locks and wr locks.
   * patches/hurd-i386/cvs-static-dlopen.diff: New patch to fix dlopen from
     static binaries, busybox notably.
   * control.in/main: Bump mig dependency to get _routines@ symbols, bump
     gnumach-dev dependency to get protected payload symbols.
   * libc0.3.symbols.hurd-i386: Update symbols.
   * patches/hurd-i386/submitted-startup-pid2.diff: Remove, replaced by...
   * patches/hurd-i386/tg-reboot-startup.diff: ... new patch to make reboot
     lookup startup through /servers/startup instead of guessing its pid and
     using its message port.
 .
   [ Adam Conrad ]
   * debian/rules.d/tarball.mk: Fix update-from-upstream manual/* filter rule.
 .
   [ Petr Salinger ]
   * kfreebsd/local-sysdeps.diff: update to revision 5688 (from glibc-bsd).
     Do not return EINTR from sigwait. Closes: #763705.
 .
   [ Aurelien Jarno ]
   * debian/patches/any/cvs-wordexp.diff: new patch from upstream to fix a
     command execution in wordexp() with WRDE_NOCMD specified (CVE-2014-7817).
   * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
     an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
   * debian/patches/any/cvs-vfprintf.diff: new patch from upstream to fix a
     stack overflow in vfprintf (CVE-2012-3406). Closes: #681888.
   * debian/patches/git-updates.diff: update to the latest commit of the 2.19
     branch to fix a few buffer overflows, unbounded stack allocations or memory
     leaks that have not been (yet?) tagged as security issues. This branch
     includes a few patches already applied manually:
     - drop patches/localedata/unsubmitted-tst-setlocale3-ENV.diff (merged
       upstream).
     - drop patches/s390/cvs-s390-abi-reversal.diff (merged upstream).
     - update patches/any/cvs-resolv-first-query-failure.diff
     - drop patches/any/cvs-resolv-reuse-fd.diff (merged upstream).
     - drop patches/any/cvs-posix_spawn_file_actions_addopen.diff (merged
       upstream).
     - drop patches/any/cvs-setlocale-alloca.diff (merged upstream).
     - drop patches/any/cvs-CVE-2014-0475.diff (merged upstream).
     - drop patches/any/cvs-CVE-2014-5119.diff (merged upstream).
     - drop patches/any/cvs-CVE-2014-6040.diff (merged upstream).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
