This bug was fixed in the package klibc - 2.0.14-1ubuntu1

---------------
klibc (2.0.14-1ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2112018). Remaining changes:
    - SECURITY UPDATE: improper pointer arithmetic
      + debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
        in usr/klibc/zlib/inftrees.c.
      + CVE-2016-9840
    - SECURITY UPDATE: improper pointer arithmetic
      + debian/patches/CVE-2016-9841.patch: remove offset pointer optimization
        in usr/klibc/zlib/inffast.c.
      + CVE-2016-9841
    - SECURITY UPDATE: memory corruption during compression
      + debian/patches/CVE-2018-25032.patch: addresses a bug that can crash
        deflate on rare inputs when using Z_FIXED.
      + CVE-2018-25032
    - SECURITY UPDATE: heap-based buffer over-read
      + debian/patches/CVE-2022-37434-1.patch: adds an extra condition to check
        if state->head->extra_max is greater than len before copying, and moves
        the len assignment to be placed before the check in
        usr/klibc/zlib/inflate.c.
      + debian/patches/CVE-2022-37434-2.patch: in the previous patch, the
        placement of the len assignment was causing issues so it was moved
        within the conditional check.
      + CVE-2022-37434

klibc (2.0.14-1) unstable; urgency=medium

  * New upstream version:
    - parisc: Fix build with Linux 6.10+ (Closes: #1075820)

 -- Benjamin Drung <[email protected]>  Wed, 11 Jun 2025 11:05:35 +0200

** Changed in: klibc (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9840

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-9841

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-25032

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-37434

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2112018

Title:
  Merge klibc from Debian Unstable for questing

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
