[Git][glibc-team/glibc][bookworm] 8 commits: debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: Fix out-of-bound...



Aurelien Jarno pushed to branch bookworm at GNU Libc Maintainers / glibc

Commits:

  • 3ee63d1c
    by Aurelien Jarno at 2024-04-19T18:33:08+02:00
    debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: Fix out-of-bound writes when writing escape sequence in iconv ISO-2022-CN-EXT module (CVE-2024-2961).  Closes: #1069191.
    
  • 20fa9ac6
    by Aurelien Jarno at 2024-04-19T18:34:28+02:00
    releasing package glibc version 2.36-9+deb12u6
    
  • df18fa3b
    by Aurelien Jarno at 2024-04-30T21:36:35+02:00
    debian/patches/local-CVE-2024-33599-nscd.diff: Fix a stack-based buffer overflow in nscd netgroup cache (CVE-2024-33599).
    
  • 7250dfd1
    by Aurelien Jarno at 2024-04-30T21:45:47+02:00
    debian/patches/local-CVE-2024-33600-nscd.diff: Fix null pointer dereferences in nscd after failed netgroup cache insertion (CVE-2024-33600).
    
  • 83f48ffd
    by Aurelien Jarno at 2024-04-30T21:45:47+02:00
    debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: Fix a DoS in nscd in case of memory allocation failure (CVE-2024-33601) and a memory corruption in nscd when the underlying NSS callback function does not use the buffer space to store all strings (CVE-2024-33602).
    
  • 99e5fc90
    by Aurelien Jarno at 2024-04-30T23:07:38+02:00
    releasing package glibc version 2.36-9+deb12u7
    
  • 65086b4d
    by Aurelien Jarno at 2024-04-30T23:13:50+02:00
    releasing package glibc version 2.36-9+deb12u7
    
  • e0351e4b
    by Aurelien Jarno at 2024-07-22T22:14:12+02:00
    debian/patches/git-updates.diff: update from upstream stable branch:
    
    * debian/patches/git-updates.diff: update from upstream stable branch:
      - debian/patches/kfreebsd/submitted-auxv.diff: refreshed.
      - debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: upstreamed.
      - debian/patches/any/local-CVE-2024-33599-nscd.diff: upstreamed.
      - debian/patches/any/local-CVE-2024-33600-nscd.diff: upstreamed.
      - debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: upstreamed.
      - Fixes ffsll() performance issue depending on code alignment.
      - Fixes memmove/memset on sparc32.
      - Fixes pthread_cancel on sparc32.
      - Fixes a possible crash in _dl_start_user on arm32.
      - Fixes poor malloc/free performance due to lock contentions between
        threads when using core pinning.
      - Uses 64-bit time_t in testsuite on 32-bit systems.
      - Fixes rseq support when built against newer kernel headers.
      - Performance improvements for string functions on arm64.
      - Disables arm64 SVE functions on kernel <= 6.2.0 due to performance
        issues.
      - Fixes ld.so crash on powerpc64* when built with GCC 14.
      - Fixes ld.so crash on amd64 when built with APX enabled.
      - Fixes __WORDSIZE definition on sparc32 with sparcv9.
      - Fixes getutxent() on 32-bit architecture with _TIME_BITS=64.
      - Fixes y2038 regression in nscd following CVE-2024-33601 and
        CVE-2024-33602 fix.
      - Fixes build with --enable-hardcoded-path-in-tests with newer linkers.
      - Fixes crash in wcsncmp() in z13/vector-optimized s390 implementation.
      - Fixes rseq extension mechanism.
      - Fixes misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 with kernel
        6.9+.
      - Fixes freeing uninitialized memory in libc_freeres_fn().  Closes:
        #1073916.
    

1 changed file:

