Your message dated Tue, 23 Apr 2024 16:47:50 +0000
with message-id <e1rzjj8-00a6im...@fasolo.debian.org>
and subject line Bug#1069191: fixed in glibc 2.31-13+deb11u9
has caused the Debian Bug report #1069191,
regarding glibc: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix 
out-of-bound writes when writing escape sequence
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1069191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.37-17
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.37-15
Control: found -1 2.36-9+deb12u5
Control: found -1 2.36-9+deb12u4
Control: found -1 2.36-9
Control: found -1 2.31-13+deb11u8
Control: found -1 2.31-13

Hi,

The following vulnerability was published for glibc.

CVE-2024-2961[0]:
| The iconv() function in the GNU C Library versions 2.39 and older
| may overflow the output buffer passed to it by up to 4 bytes when
| converting strings to the ISO-2022-CN-EXT character set, which may
| be used to crash an application or overwrite a neighbouring
| variable.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2961
    https://www.cve.org/CVERecord?id=CVE-2024-2961
[1] https://www.openwall.com/lists/oss-security/2024/04/17/9

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.31-13+deb11u9
Done: Aurelien Jarno <aure...@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Fri, 19 Apr 2024 22:40:26 +0200
Source: glibc
Architecture: source
Version: 2.31-13+deb11u9
Distribution: bullseye-security
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Closes: 1069191
Changes:
 glibc (2.31-13+deb11u9) bullseye-security; urgency=medium
 .
   * debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.patch: Fix
     out-of-bound writes when writing escape sequence in iconv ISO-2022-CN-EXT
     module (CVE-2024-2961).  Closes: #1069191.


--- End Message ---
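
The version data in this bug log can be turned into a fleet triage check. The following is an added example, not part of the bug log or of Debian's tooling: it reimplements Debian's version ordering so inventory exports can be classified off-host, and it assumes the input is a Debian glibc package version string. The function names are illustrative; the version constants are copied from the messages above.

```python
# Added example (not from the bug log); version strings are copied from it.
FIXED_BULLSEYE = "2.31-13+deb11u9"  # Source-Version of the closing upload
FOUND = {"2.37-17", "2.37-15", "2.36-9+deb12u5", "2.36-9+deb12u4",
         "2.36-9", "2.31-13+deb11u8", "2.31-13"}  # Version: and Control: found
DIGITS = "0123456789"

def _order(c):
    """dpkg character weight: '~' < end of string or digit < letters < other."""
    if c in DIGITS:  # "" (end of string) also lands here
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings, alternating text and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)  # numeric, so u10 > u9
        if na != nb:
            return na - nb
    return 0

def split(v):
    """Return (epoch, upstream, revision); a missing revision is ''."""
    head, colon, tail = v.partition(":")
    epoch, rest = (int(head), tail) if colon else (0, v)
    upstream, dash, rev = rest.rpartition("-")
    return (epoch, upstream, rev) if dash else (epoch, rest, "")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def triage(installed):
    """Return 'fixed', 'affected', or 'unknown' (series with no fix in this log)."""
    if installed not in FOUND and split(installed)[1] != "2.31":
        return "unknown"
    fixed = installed not in FOUND and compare(installed, FIXED_BULLSEYE) >= 0
    return "fixed" if fixed else "affected"
```

On a Debian host itself, `dpkg --compare-versions` performs the same comparison natively. Versions from the 2.36 and 2.37 series that are not listed as found return `unknown` because this log gives a fixed version only for bullseye.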
