Bug#865381: unblock: glibc/2.24-12

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#865381: unblock: glibc/2.24-12
From: Aurelien Jarno <aurel32@debian.org>
Date: Tue, 20 Jun 2017 22:49:23 +0200
Message-id: <[🔎] 149799176337.5092.8899521835536224549.reportbug@ohm.local>
Reply-to: Aurelien Jarno <aurel32@debian.org>, 865381@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

glibc version 2.24-12 includes an important security fix 
(CVE-2017-1000366) that should probably fixed asap in buster. It
contains other changes which should have no impact on
debian-installer. Here is the full changelog:

| glibc (2.24-12) unstable; urgency=high
| 
|   [ Aurelien Jarno ]
|   * debian/patches/git-updates.diff: update from upstream stable branch:
|     - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged upstream).
|     - Remove wrong assertion on parent PID in fork.
|     - Fix 64-bit atomics on m68k.  Closes: #855692.
|   * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to
|     mention that the support limitation comes from Debian and not from
|     upstream.  Closes: #864720.
|   * debian/rules, debian/rules.d/build.mk: do not capture the build path
|     when generating glibc-source tarball.  Closes: #861183.
|   * debian/control.in/main: build-depends on gperf.  Closes: #847478.
|   * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller
|     to fix longjmp on hppa.  Closes: #858738.
|   * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default
|     GCC ISA level, currently MIPS32R2/MIPS64R2.
|   * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff,
|     debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff,
|     debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
|     patches to protect the dynamic linker against stack clashes
|     (CVE-2017-1000366).
|   * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported
|     from upstream to allow usage of strcspn in ld.so.
|   * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
|     upstream to disable HWCAP for AT_SECURE programs.
| 
|   [ John Paul Adrian Glaubitz ]
|   * debian/sysdeps/sh3.mk: copy from sh4.mk.  Closes: #851867.
| 
|  -- Aurelien Jarno <aurel32@debian.org>  Sun, 18 Jun 2017 20:04:53 +0200

Could you therefore please unblock this package:

unblock glibc/2.24-12

Thanks,
Aurelien

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Follow-Ups:
- Bug#865381: unblock: glibc/2.24-12
  - From: Emilio Pozuelo Monfort <pochu@debian.org>
- Bug#865381: marked as done (unblock: glibc/2.24-12)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Debian 9.0
Next by Date: Bug#865383: RM: rant/0.5.8-8
Previous by thread: Bug#863682: jessie-pu: package intel-microcode/3.20170511.1~deb8u1 [v2]: target jessie
Next by thread: Bug#865381: unblock: glibc/2.24-12
Index(es):
- Date
- Thread