
Bug#990542: marked as done (glibc: CVE-2021-35942)



This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


--
990542: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990542
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

On Tuesday, July 6, 2021, 1:21:30 PM PDT, Debian Bug Tracking System <owner@bugs.debian.org> wrote:


Your message dated Tue, 06 Jul 2021 20:18:00 +0000
with message-id <E1m0rW4-0005RN-OA@fasolo.debian.org>
and subject line Bug#990542: fixed in glibc 2.31-13
has caused the Debian Bug report #990542,
regarding glibc: CVE-2021-35942
to be marked as done.

Source: glibc
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for glibc.

CVE-2021-35942[0]:
Wild read in wordexp (parse_param)

https://sourceware.org/bugzilla/show_bug.cgi?id=28011
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-35942
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942

Please adjust the affected versions in the BTS as needed.

Source: glibc
Source-Version: 2.31-13
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990542@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 06 Jul 2021 21:16:59 +0200
Source: glibc
Architecture: source
Version: 2.31-13
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 990069 990542
Changes:
glibc (2.31-13) unstable; urgency=medium
.
  [ Colin Watson ]
  * debian/debhelper.in/libc.postinst, script.in/nsscheck.sh: Look for
    openssh-server package rather than ssh.  Closes: #990069
.
  [ Aurelien Jarno ]
  * debian/patches/git-updates.diff: update from upstream stable branch:
    - Fix an arbitrary read in wordexp() (CVE-2021-35942).  Closes:
      #990542.