Bug#812455: marked as done (glibc: CVE-2015-8779: Unbounded stack allocation in catopen function)
Your message dated Mon, 25 Apr 2016 22:18:50 +0000
with message-id <E1auoqA-0003Zk-JH@franck.debian.org>
and subject line Bug#812455: fixed in eglibc 2.13-38+deb7u10
has caused the Debian Bug report #812455,
regarding glibc: CVE-2015-8779: Unbounded stack allocation in catopen function
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
-- 
812455: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812455
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: glibc: CVE-2015-8779: Unbounded stack allocation in catopen function
- From: Salvatore Bonaccorso <carnil@debian.org>
- Date: Sat, 23 Jan 2016 20:12:06 +0100
- Message-id: <145357626501.22133.511622095585449211.reportbug@eldamar.local>
Source: glibc
Version: 2.19-18
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=17905
Hi,
the following vulnerability was published for glibc.
CVE-2015-8779[0]:
catopen() Multiple unbounded stack allocations
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8779
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=17905
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.13-38+deb7u10
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 812455@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 11 Feb 2016 23:11:53 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.13-38+deb7u10
Distribution: wheezy-security
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390 - Embedded GNU C Library: 32bit Development Libraries for IBM zSeri
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-loongson2f - Embedded GNU C Library: Shared libraries (Loongson 2F optimized)
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390 - Embedded GNU C Library: 32bit Shared libraries for IBM zSeries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 multiarch-support - Transitional package to ensure multiarch compatibility
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 812441 812445 812455
Changes: 
 eglibc (2.13-38+deb7u10) wheezy-security; urgency=medium
 .
   [ Aurelien Jarno ]
   * patches/any/cvs-strftime.diff: new patch from upstream to fix
     segmentation fault caused by passing out-of-range data to strftime()
     (CVE-2015-8776).  Closes: #812445.
   * patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer
     overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
   * patches/any/cvs-catopen.diff: new patch from upstream to fix multiple
     unbounded stack allocations in catopen() (CVE-2015-8779).  Closes:
     #812455.
   * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
     upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
     DNS answers.
   * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
     stack-based buffer overflow (CVE-2015-7547).
Checksums-Sha1: 
Checksums-Sha256: 
Files: 
Package-Type: udeb
--- End Message ---