
Bug#722075: libc6: getaddrinfo() sends DNS queries to random file descriptors



Control: notfound -1 eglibc 2.13-38+deb7u7
Control: fixed -1 eglibc/2.13-38+deb7u5

On 2015-01-29 23:53, Ben Hutchings wrote:
> Control: retitle -1 libc6: getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423)
> Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=15946
> Control: severity -1 serious
> Control: found -1 eglibc 2.11.3-4+deb6u4
> Control: found -1 eglibc 2.13-38+deb7u7
> 
> This bug came up again at
> <http://www.openwall.com/lists/oss-security/2015/01/28/16>.  It still
> needs fixing in wheezy and squeeze-lts.

It does NOT need to be fixed on wheezy, as it was already done a few
months ago as part of the 2.13-38+deb7u5 upload:

| eglibc (2.13-38+deb7u5) wheezy; urgency=medium
| 
|   * debian/patches/any/cvs-resolv-reuse-fd.diff: new patch from upstream
|     to fix invalid file descriptor reuse while sending DNS query.  Closes:
|     #722075, #756343.
|   * debian/patches/any/cvs-CVE-2013-4357.diff: new patch from upstream to
|     fix stack overflow issues. Closes: #742925.
|   * debian/patches/any/submitted-CVE-2014-0475.diff: update from upstream
|     to fix a localplt regression introduced in version 2.13-38+deb7u3.
|   * patches/any/cvs-dlopen-tls-memleak.patch: new patch from upstream to
|     fix a memory leak with dlopen() and thread-local storage variables.
|     Closes: #763559.
|   * debian/TODO, debian/debhelper.in/glibc-doc.{install,links,manpage}:
|     re-add files lost in the deb7u3 and deb7u4 security upgrades, causing
|     the glibc-doc package to be almost empty.
| 
|  -- Aurelien Jarno <aurel32@debian.org>  Wed, 08 Oct 2014 22:50:01 +0200

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net
