
Bug#777197: marked as done (glibc: CVE-2015-1472 CVE-2015-1473)



Your message dated Sat, 28 Feb 2015 18:02:32 +0000
with message-id <E1YRlii-00006D-DI@franck.debian.org>
and subject line Bug#777197: fixed in eglibc 2.13-38+deb7u8
has caused the Debian Bug report #777197,
regarding glibc: CVE-2015-1472 CVE-2015-1473
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
777197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777197
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: glibc
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://sourceware.org/bugzilla/show_bug.cgi?id=16618
The patch is here: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
(2.15). Since the patch was backported into wheezy, it is also
affected (while squeeze is not).

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.13-38+deb7u8

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 777197@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 22 Feb 2015 09:49:50 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all
Version: 2.13-38+deb7u8
Distribution: wheezy-security
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 681888 751774 775572 777197
Changes: 
 eglibc (2.13-38+deb7u8) wheezy-security; urgency=medium
 .
   * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
     heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes:
     #777197.
   * debian/patches/any/cvs-vfprintf.diff: new patch from upstream to fix a
     stack overflow in vfprintf (CVE-2012-3406). Closes: #681888.
   * debian/patches/any/cvs-posix_spawn_file_actions_addopen.diff: new patch
     from upstream to fix a vulnerability in posix_spawn_file_actions_addopen
     (CVE-2014-4043). Closes: #751774.
   * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
     an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
   * debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
     fix an invalid-free when using getaddrinfo with IDN (CVE-2013-7424).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
