Your message dated Thu, 26 Nov 2015 15:20:15 +0000
with message-id <e1a1ylh-0006ac...@franck.debian.org>
and subject line Bug#803927: fixed in eglibc 2.11.3-4+deb6u8
has caused the Debian Bug report #803927,
regarding glibc: multiple overflows in strxfrm()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
803927: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803927
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.19-22
Severity: serious
Tags: security fixed-upstream
Control: forwarded -1 https://sourceware.org/bugzilla/show_bug.cgi?id=16009

Hello,

libc6 is vulnerable to buffer overruns in strxfrm() as reported
in the following upstream ticket:
https://sourceware.org/bugzilla/show_bug.cgi?id=16009

The issue is fixed in glibc 2.21.

No CVE has been assigned yet even though it had been requested
in http://openwall.com/lists/oss-security/2015/09/08/2

The upstream patch is available here:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=0f9e585480ed

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.11.3-4+deb6u8

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 803...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Raphaël Hertzog <hert...@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Nov 2015 09:49:29 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd 
libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev 
libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev 
libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev 
libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 
libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 
libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 
libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 
libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686 
libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-4+deb6u8
Distribution: squeeze-lts
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-gl...@lists.debian.org>
Changed-By: Raphaël Hertzog <hert...@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 803927
Changes: 
 eglibc (2.11.3-4+deb6u8) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS team.
   * debian/patches/any/cvs-bugzilla-16009-strxfrm-buffer-overflows.diff: patch
     from upstream to fix memory allocation issues that can lead to buffer
     overflows on the stack. Closes: #803927
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Signed by Raphael Hertzog

-----END PGP SIGNATURE-----

--- End Message ---
