Bug#1051958: marked as done (glibc: CVE-2023-4527)
Your message dated Fri, 29 Sep 2023 21:02:33 +0000
with message-id <E1qmKd7-006b3H-Mi@fasolo.debian.org>
and subject line Bug#1051958: fixed in glibc 2.36-9+deb12u2
has caused the Debian Bug report #1051958,
regarding glibc: CVE-2023-4527
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
1051958: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051958
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.37-8
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=30842
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.36-9+deb12u1
Control: found -1 2.36-9
Hi,
The following vulnerability was published for glibc.
CVE-2023-4527[0]:
| Stack read overflow in getaddrinfo in no-aaaa mode
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-4527
https://www.cve.org/CVERecord?id=CVE-2023-4527
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=30842
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.36-9+deb12u2
Done: Aurelien Jarno <aurel32@debian.org>
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1051958@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Sep 2023 22:50:47 +0200
Source: glibc
Architecture: source
Version: 2.36-9+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 1050592 1051958
Changes:
 glibc (2.36-9+deb12u2) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix the value of F_GETLK/F_SETLK/F_SETLKW with __USE_FILE_OFFSET64 on
       ppc64el. Closes: #1050592.
     - Fix a stack read overflow in getaddrinfo in no-aaaa mode
       (CVE-2023-4527). Closes: #1051958.
     - Fix use after free in getcanonname (CVE-2023-4806, CVE-2023-5156).
     - Update the x86 cacheinfo code to look at the per-thread L3 cache to
       determine the non-temporal threshold. This improves memory and string
       functions on modern CPUs.
     - Fix _dl_find_object to return correct values even during early startup.
     - Always call destructors in reverse constructor order.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---