
Bug#856503: marked as done (glibc: CVE-2016-10228: iconv(1) with -c option hangs on illegal multi-byte sequences)



Your message dated Tue, 04 Aug 2020 15:19:07 +0000
with message-id <E1k2yiZ-0006kq-5p@fasolo.debian.org>
and subject line Bug#856503: fixed in glibc 2.31-3
has caused the Debian Bug report #856503,
regarding glibc: CVE-2016-10228: iconv(1) with -c option hangs on illegal multi-byte sequences
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
856503: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856503
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.19-18
Severity: important
Tags: upstream security
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=19519

Hi,

the following vulnerability was published for glibc.

CVE-2016-10228[0]:
glibc iconv program can hang when invoked with the -c option

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10228
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10228
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=19519

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.31-3
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 856503@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 04 Aug 2020 17:02:38 +0200
Source: glibc
Architecture: source
Version: 2.31-3
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 856503 962457
Changes:
 glibc (2.31-3) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/control.in/libc: add a Breaks: against openarena (<< 0.8.8+dfsg-4~)
     due to bug#966150.
   * debian/control.in/libc: add a Breaks: against ioquake3
     (<< 1.36+u20200211.f2c61c1~dfsg-2~) as previous versions are not correctly
     linked with libm.
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix an infinite loop in the iconv program (CVE-2016-10228).  Closes:
       #856503.
     - debian/patches/any/submitted-selinux-deprecations.diff: upstreamed.
     - debian/patches/x32/submitted-fix-nptl-setgroups-x32.diff: upstreamed.
   * debian/rules.d/build.mk: install <finclude/math-vector-fortran.h> in the
     multiarch path.  Closes: #962457.
 .
   [ Samuel Thibault ]
   * debian/libc0.3.symbols.hurd-i386: Fix dependency of __errno_location and
     __h_errno_location symbols in libpthread.
   * patches/hurd-i386/unsubmitted-sbrk-_end.diff: Fix _end symbol appearance
     by reworking sbrk.
   * patches/hurd-i386/unsubmitted-sched_sets.diff: Add sched_set/getscheduler.
   * patches/hurd-i386/git-pthread_atfork-hidden.diff: Hide pthread_atfork
     symbols imported to applications, to avoid leaking them.
Checksums-Sha1:
 51042e7e252f974e753a23d88e3f93fb5c08d376 8195 glibc_2.31-3.dsc
 c3c1c43eedc1eeb109cab92cf3c89da103fb0d0e 843860 glibc_2.31-3.debian.tar.xz
 996608535549a3ae2b4dd093d6b1d5dae3fa4b6f 6654 glibc_2.31-3_source.buildinfo
Checksums-Sha256:
 d620bb217b3cda48e48d21f29fbf73aa907f78b8f77d674cae0ce452c886ae3e 8195 glibc_2.31-3.dsc
 973658d166dd9bbf481e4747487fea35101c70a03066de1f14e5e87ed7477c29 843860 glibc_2.31-3.debian.tar.xz
 c105f6da16e5b3f69f11c38d9ca6e016e8c6d4649e152281a0832788eaebe03d 6654 glibc_2.31-3_source.buildinfo
Files:
 0374bd34e1f6495dabe7996552251d32 8195 libs required glibc_2.31-3.dsc
 73f4bb753825e4700578f3e0f83b9de5 843860 libs required glibc_2.31-3.debian.tar.xz
 137bbc65a88a2bf109ac5bfe3d4033eb 6654 libs required glibc_2.31-3_source.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
