Your message dated Wed, 18 Jun 2025 05:05:40 +0000
with message-id <e1urkzu-00fbot...@fasolo.debian.org>
and subject line Bug#1107366: fixed in glibc 2.41-9
has caused the Debian Bug report #1107366,
regarding glibc: CVE-2025-5745
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
1107366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for glibc.

CVE-2025-5745[0]:
| The strncmp implementation optimized for the Power10 processor in
| the GNU C Library version 2.40 and later writes to vector registers
| v20 to v31 without saving contents from the caller (those registers
| are defined as non-volatile registers by the powerpc64le ABI),
| resulting in overwriting of its contents and potentially altering
| control flow of the caller, or leaking the input strings to the
| function to other parts of the program.

https://sourceware.org/bugzilla/show_bug.cgi?id=33060

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5745
    https://www.cve.org/CVERecord?id=CVE-2025-5745

Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.41-9
Done: Aurelien Jarno <aure...@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1107...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Jun 2025 06:49:31 +0200
Source: glibc
Architecture: source
Version: 2.41-9
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-gl...@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Closes: 1107365 1107366
Changes:
 glibc (2.41-9) unstable; urgency=medium
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix loading TLS-using modules using LD_AUDIT.
     - Add tests for CVE-2025-4802.
     - Fix swapped wcsncpy and wcpncpy function names in IFUNC definition.
     - Fix elf/tst-execstack-prog-static-tunable on sparc64.
     - Remove POWER10 optimized strcmp function (GLIBC-SA-2025-0003 /
       CVE-2025-5702). Closes: #1107365.
     - Remove POWER10 optimized strncmp function (GLIBC-SA-2025-0004 /
       CVE-2025-5745). Closes: #1107366.
     - Remove POWER10 optimized memchr function.
 .
   [ Samuel Thibault ]
   * debian/patches/hurd-i386/git-rename.diff: Make rename refuse trailing
     slashes.
   * debian/patches/hurd-i386/local-64b-align.diff: Avoid 64b typing error on
     RPCs using 64b fields in structures.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---