
Bug#812441: marked as done (glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r)



Your message dated Tue, 16 Feb 2016 14:22:12 +0000
with message-id <E1aVgW4-000851-2c@franck.debian.org>
and subject line Bug#812441: fixed in glibc 2.21-8
has caused the Debian Bug report #812441,
regarding glibc: CVE-2015-8778: Integer overflow in hcreate and hcreate_r
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
812441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812441
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.19-18
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=18240

Hi,

the following vulnerability was published for glibc.

CVE-2015-8778[0]:
Integer overflow in hcreate and hcreate_r

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8778
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=18240

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.21-8

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812441@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Feb 2016 21:38:15 +0100
Source: glibc
Binary: libc-bin libc-dev-bin libc-l10n glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source
Version: 2.21-8
Distribution: unstable
Urgency: critical
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-bin   - GNU C Library: Binaries
 libc-dev-bin - GNU C Library: Development binaries
 libc-l10n  - GNU C Library: localization files
 libc0.1    - GNU C Library: Shared libraries
 libc0.1-dbg - GNU C Library: detached debugging symbols
 libc0.1-dev - GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - GNU C Library: PIC archive library
 libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - GNU C Library: Shared libraries
 libc0.3-dbg - GNU C Library: detached debugging symbols
 libc0.3-dev - GNU C Library: Development Libraries and Header Files
 libc0.3-pic - GNU C Library: PIC archive library
 libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6      - GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - GNU C Library: detached debugging symbols
 libc6-dev  - GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries
 libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libc6-x32  - GNU C Library: X32 ABI Shared libraries for AMD64
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: detached debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 812441
Changes:
 glibc (2.21-8) unstable; urgency=critical
 .
   * Update from upstream stable branch:
     - Fix an integer overflow in hcreate() and hcreate_r() (CVE-2015-8778).
       Closes: #812441.
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
     stack-based buffer overflow (CVE-2015-7547).
Checksums-Sha1:
 3721663901d44562608c9a655680ea9fb2c26c4e 8059 glibc_2.21-8.dsc
 87550a43d38a75a54a9441129aadc6adf0a663d1 1043172 glibc_2.21-8.debian.tar.xz
Checksums-Sha256:
 748eb6a2965425632e72b0b4d9e3d5078540761f80175c530cb1e87931c05017 8059 glibc_2.21-8.dsc
 2b7f479d148df8d2fc0c934e6706aa0ca2d004186a2b7637e2086c5664d3a6f6 1043172 glibc_2.21-8.debian.tar.xz
Files:
 7841451b56726869cc81300b523143fc 8059 libs required glibc_2.21-8.dsc
 9cf5d4a6b7667b682fe72cee7fc259d3 1043172 libs required glibc_2.21-8.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

--- End Message ---
