Control: notfound -1 eglibc 2.13-38+deb7u7
Control: fixed -1 eglibc/2.13-38+deb7u5

On 2015-01-29 23:53, Ben Hutchings wrote:
> Control: retitle -1 libc6: getaddrinfo() sends DNS queries to random file descriptors (CVE-2013-7423)
> Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=15946
> Control: severity -1 serious
> Control: found -1 eglibc 2.11.3-4+deb6u4
> Control: found -1 eglibc 2.13-38+deb7u7
>
> This bug came up again at
> <http://www.openwall.com/lists/oss-security/2015/01/28/16>. It still
> needs fixing in wheezy and squeeze-lts.

It does NOT need to be fixed on wheezy, as it was already done a few
months ago as part of the 2.13-38+deb7u5 upload:

| eglibc (2.13-38+deb7u5) wheezy; urgency=medium
|
|   * debian/patches/any/cvs-resolv-reuse-fd.diff: new patch from upstream
|     to fix invalid file descriptor reuse while sending DNS query. Closes:
|     #722075, #756343.
|   * debian/patches/any/cvs-CVE-2013-4357.diff: new patch from upstream to
|     fix stack overflow issues. Closes: #742925.
|   * debian/patches/any/submitted-CVE-2014-0475.diff: update from upstream
|     to fix a localplt regression introduced in version 2.13-38+deb7u3.
|   * patches/any/cvs-dlopen-tls-memleak.patch: new patch from upstream to
|     fix a memory leak with dlopen() and thread-local storage variables.
|     Closes: #763559.
|   * debian/TODO, debian/debhelper.in/glibc-doc.{install,links,manpage}:
|     re-add files lost in the deb7u3 and deb7u4 security upgrades, causing
|     the glibc-doc package to be almost empty.
|
|  -- Aurelien Jarno <aurel32@debian.org> Wed, 08 Oct 2014 22:50:01 +0200

--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net