Your message dated Sun, 08 Feb 2015 16:34:20 +0000 with message-id <e1ykuoo-0005it...@franck.debian.org> and subject line Bug#777197: fixed in glibc 2.19-15 has caused the Debian Bug report #777197, regarding glibc: CVE-2015-1472 CVE-2015-1473 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 777197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777197 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: glibc Severity: grave Tags: security Justification: user security hole Hi, please see https://sourceware.org/bugzilla/show_bug.cgi?id=16618 The patch is here: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15). Since the patch was backported into wheezy, it is also affected (while squeeze is not). Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: glibc Source-Version: 2.19-15 We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 777...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 08 Feb 2015 15:54:37 +0100 Source: glibc Binary: libc-bin libc-dev-bin glibc-doc glibc-source locales locales-all nscd multiarch-support libc6 libc6-dev libc6-dbg libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc libc6-dev-sparc libc6-sparc64 libc6-dev-sparc64 libc6-s390 libc6-dev-s390 libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mips32 libc6-dev-mips32 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-x32 libc6-dev-x32 libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67 libc6-loongson2f libnss-dns-udeb libnss-files-udeb Architecture: source all amd64 Version: 2.19-15 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers <debian-gl...@lists.debian.org> Changed-By: Aurelien Jarno <aure...@debian.org> Description: glibc-doc - GNU C Library: Documentation glibc-source - GNU C Library: sources libc-bin - GNU C Library: Binaries libc-dev-bin - GNU C Library: Development binaries libc0.1 - GNU C Library: Shared libraries libc0.1-dbg - GNU C Library: detached debugging symbols libc0.1-dev - GNU C Library: Development Libraries and Header Files libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.1-pic - GNU C Library: PIC archive library libc0.1-udeb - GNU C Library: Shared libraries - udeb (udeb) libc0.3 - GNU C Library: Shared libraries libc0.3-dbg - GNU C Library: detached debugging symbols libc0.3-dev - GNU C Library: Development Libraries and Header Files libc0.3-i686 - GNU C Library: Shared libraries [i686 optimized] libc0.3-pic - GNU C Library: PIC archive library libc0.3-udeb - GNU C Library: Shared libraries - udeb (udeb) libc0.3-xen - GNU C Library: Shared libraries [Xen version] libc6 - GNU C Library: Shared libraries libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - GNU C Library: detached debugging symbols libc6-dev - GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64 libc6-dev-mips32 - GNU C Library: o32 Development Libraries for MIPS libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64 libc6-dev-s390 - GNU C Library: 32bit Development Libraries for IBM zSeries libc6-dev-sparc - GNU C Library: 32bit Development Libraries for SPARC libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64 libc6-i686 - GNU C Library: Shared libraries [i686 optimized] libc6-loongson2f - GNU C Library: Shared libraries (Loongson 2F optimized) libc6-mips32 - GNU C Library: o32 Shared libraries for MIPS libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64 libc6-pic - GNU C Library: PIC archive library libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64 libc6-s390 - GNU C Library: 32bit Shared libraries for IBM zSeries libc6-sparc - GNU C Library: 32bit Shared libraries for SPARC libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC libc6-udeb - GNU C Library: Shared libraries - udeb (udeb) libc6-x32 - GNU C Library: X32 ABI Shared libraries for AMD64 libc6-xen - GNU C Library: Shared libraries [Xen version] libc6.1 - GNU C Library: Shared libraries libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized) libc6.1-dbg - GNU C Library: detached debugging symbols libc6.1-dev - GNU C Library: Development Libraries and Header Files libc6.1-pic - GNU C Library: PIC archive library libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb) libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb) libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb) locales - GNU C Library: National Language (locale) data [support] locales-all - GNU C Library: Precompiled locale data multiarch-support - Transitional package to ensure multiarch compatibility nscd - GNU C Library: Name Service Cache Daemon Closes: 777197 Changes: glibc (2.19-15) unstable; urgency=medium . [ Aurelien Jarno ] * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes: #777197. Checksums-Sha1: c155f97e2cc122bb82819645e04590271961d247 8208 glibc_2.19-15.dsc 8a51bc9c209b3adef5271e18d2b4a93867f3d622 1039604 glibc_2.19-15.debian.tar.xz d2db4cfa2c9085610fa7c8673f07dbe7cb53dd12 2264696 glibc-doc_2.19-15_all.deb c96a090446f59cf46f2596bc549246f23d9bd6f5 13938480 glibc-source_2.19-15_all.deb 9420dda9c185d1d0d6abd14d56958a5dd8f22420 3937166 locales_2.19-15_all.deb Checksums-Sha256: 41d3128ebdafd04dbe6c1b7ffbe62c1aec536f63e7874cfea225c6e4d6ec056c 8208 glibc_2.19-15.dsc 96d9de5b3ae0ce86cb5711904de4ef8f09482a5d591bbf4da12d5d2cbc721204 1039604 glibc_2.19-15.debian.tar.xz a24309510c88c613c3b42cf8c5b3c333c1445a16ce960a542ceb0e562dfe97e0 2264696 glibc-doc_2.19-15_all.deb 408f4eb411004152eb0a7bd1ba6799a72f69aafdf7da938c2f1e91824af794da 13938480 glibc-source_2.19-15_all.deb 8e34d7108c8ddf744a8da6a3a907a6bb76889ca685b8d239405c3fda04ac11ec 3937166 locales_2.19-15_all.deb Files: 5520aa6db9b92208bf6c2962b151c684 8208 libs required glibc_2.19-15.dsc bfa8b23dcc421e949661ea88087848dc 1039604 libs required glibc_2.19-15.debian.tar.xz 9082d56a187224dde75509608cca1ba3 2264696 doc optional glibc-doc_2.19-15_all.deb 239dd67638485b5136e48d2f358f6e48 13938480 devel optional glibc-source_2.19-15_all.deb 84652f43c8b8b3b41e8cd0b27a2fc238 3937166 localization standard locales_2.19-15_all.deb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJU14zzAAoJELqceAYd3YybJ3kQAKK9LtlJ3MDzDSOMu7pcwasz 401TzpYDkkhoZS4v4ORE0NemOqfZMH4jLIAPuYnYebZZtE+zieO3zog0bw8Y1vCG uRMx/bCcIsWZ1DmK5+W8yLIC9QSPMIuumeZmxMiosmuEzYTUEEYS6HFhWn87Lh54 W4jHHeVBROovhdd+8J8yHfS+5ttLsNtlQxgQjKQfkpuLchTlxQ6aU8QJ7lVI8zfW K3c8kEwuizPl8ATXAvfPUr9OiHSXo7L8Kza2+8hRG48ZdNa40E+oFVqDFgx9h3BL 23Ndk2wiR4Itgk7s7GeQedj+aOrfurEQfweyVeKJXQskonhqxtgm2hwpyaBjBVZG bnDPi8qC+4BMawoDOdHppKeNf/1ldD66i3UOSwQVWeUCJYJtmwmjIJ+xfgEeG0Fk MTNHaj7IIRK1QfX4fi4zpBTQD96jcafqY8s+ho5nSXWKQFHSV8WzkknWa/U/c6ub y8w/YyYtrLi3i+nLju9uFHe9ijqW90KXaHDMgcKdEUUe6Up4kj1cBE2epsrIkfFw H7xVZo41QW6WyNC5SFaKkSveoXJr3+LUlfWngme3tmC4G6ItA3VuTsZUA1CURa2x k2K5r6ic6wShFtYTeLlQYRG+DAbt60fbwK5LYjiiPgfT6G1u3jgmnIBL3vVXHJ8e uSejSz/oT4VG5Uvsu8wb =MKfO -----END PGP SIGNATURE-----
--- End Message ---
