Bug#1053002: marked as done (glibc: CVE-2023-5156: Memory leak in getaddrinfo after fix for CVE-2023-4806)
Your message dated Wed, 27 Sep 2023 19:06:03 +0000
with message-id <E1qlZrH-00EIt4-0m@fasolo.debian.org>
and subject line Bug#1053002: fixed in glibc 2.37-11
has caused the Debian Bug report #1053002,
regarding glibc: CVE-2023-5156: Memory leak in getaddrinfo after fix for CVE-2023-4806
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
-- 
1053002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053002
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.37-10
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=30884
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Hi,
The following vulnerability was published for glibc.
Filling mainly for tracking of the issue.
CVE-2023-5156[0]:
| A flaw was found in the GNU C Library. A recent fix for
| CVE-2023-4806 introduced the potential for a memory leak, which may
| result in an application crash.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-5156
    https://www.cve.org/CVERecord?id=CVE-2023-5156
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=30884
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.37-11
Done: Aurelien Jarno <aurel32@debian.org>
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1053002@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Sep 2023 20:50:25 +0200
Source: glibc
Architecture: source
Version: 2.37-11
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 1053002
Changes:
 glibc (2.37-11) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * debian/testsuite-xfail-debian.mk: Update xfails for hurd-i386.
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix a memory leak in getaddrinfo introduced by fix for CVE-2023-4806
       (CVE-2023-5156).  Closes: #1053002.
Checksums-Sha1:
 003fb93d15e977e74bfb094ce57bf6c74d0eff39 8963 glibc_2.37-11.dsc
 61b9decb2abcdb5c7b0687086be2afb9250ef258 411240 glibc_2.37-11.debian.tar.xz
 84b6df5820179ac3557ea690ba5b81fda2c484c3 9762 glibc_2.37-11_source.buildinfo
Checksums-Sha256:
 ae23fa9712809307d2e5ce9145cde0b6bf84fc17cd4fdf9119d32b7327eb76b9 8963 glibc_2.37-11.dsc
 0726d1bd3102977dfd36e5ded912ee3dc46ae2e87479274e209312507b10419b 411240 glibc_2.37-11.debian.tar.xz
 596db967acaae5642948f8480c8ddd0c60322d2565b3f4e039323f7b07cf48a4 9762 glibc_2.37-11_source.buildinfo
Files:
 720da2619a7711892bd62d5bd54ecb41 8963 libs required glibc_2.37-11.dsc
 27e3e3165dc67f74a787f831e064801f 411240 libs required glibc_2.37-11.debian.tar.xz
 d145368f9fe92f3eeb1b0e5628518319 9762 libs required glibc_2.37-11_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmUUekwACgkQE4jA+Jno
M2uJ+Q//Vfp4U2vg3pDF86WmToY1e021tVMET+vFo40UGyB7buiALeSXx7B270be
1LHU9gZA3h7morPYUMyD6CA4dGLHIt2sqNTVd3atDdowFMCPZEP11n22p0v54mPi
59Az1+nawKxMXPLkp5lTVUp1jFf+Hgf+IAX8o6oOR2KBma4inIxtrsG8Eafir6m3
UKhBMnfW6c5dkspySybhsD3zuFDI+szENm7wBms4NnZd84TU34+awqJnHAkgyCk2
gCKpb6JYm6nY3Xa/mbvnyAa7gqD/IvSMPTru/nwKxhm/nKGCd/CHsmMlR+J9QsbH
6BA1AvgmxC4ldyNAgs48XjHu4vxnerr/9ysExO4o+rmBxNo4/h4wsYshU0pnslrR
BwVGlapmJXBsTtwh7S0+tMns8ikKLIzBijL/TEHLU2ikbVj4DH1KpGkYkw/EQ2ay
vZyYtraRx0hInOTHC7doXQx+Yg2bSQ0OMc3jcS7cWYiDthzfq1K3JCb0XFtoGFhh
Ufp2PkZ0xajxhGHgdnV8mTjJrwwwheULfVOTAT19tt4vDA2G6AnI12SgIhLpMyO1
3kw7durN2acdUBHNl8NfGagXiq9k+/yY3T8BkCJqHjIS35jB3SQ/nkH6aapePZpI
n/FyH0e+oFsmapP9LKO/Xfl9moxq6DYYjSSr3rJ8d/ENjMv156E=
=FBdT
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: