Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
glibc version 2.24-12 includes an important security fix (CVE-2017-1000366) that should probably fixed asap in buster. It contains other changes which should have no impact on debian-installer. Here is the full changelog: | glibc (2.24-12) unstable; urgency=high | | [ Aurelien Jarno ] | * debian/patches/git-updates.diff: update from upstream stable branch: | - Drop patches/any/cvs-remove-pid-tid-cache-clone.diff (merged upstream). | - Remove wrong assertion on parent PID in fork. | - Fix 64-bit atomics on m68k. Closes: #855692. | * debian/debhelper.in/libc.templates: update the kernel 3.2 warning to | mention that the support limitation comes from Debian and not from | upstream. Closes: #864720. | * debian/rules, debian/rules.d/build.mk: do not capture the build path | when generating glibc-source tarball. Closes: #861183. | * debian/control.in/main: build-depends on gperf. Closes: #847478. | * debian/patches/hppa/submitted-longjmp.diff: new patch from Helge Deller | to fix longjmp on hppa. Closes: #858738. | * debian/sysdeps/mipsel.mk, debian/sysdeps/mips64el.mk: leave the default | GCC ISA level, currently MIPS32R2/MIPS64R2. | * debian/patches/any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff, | debian/patches/any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff, | debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add | patches to protect the dynamic linker against stack clashes | (CVE-2017-1000366). | * debian/patches/any/cvs-vectorized-strcspn-guards.diff: patch backported | from upstream to allow usage of strcspn in ld.so. | * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from | upstream to disable HWCAP for AT_SECURE programs. | | [ John Paul Adrian Glaubitz ] | * debian/sysdeps/sh3.mk: copy from sh4.mk. Closes: #851867. | | -- Aurelien Jarno <aure...@debian.org> Sun, 18 Jun 2017 20:04:53 +0200 Could you therefore please unblock this package: unblock glibc/2.24-12 Thanks, Aurelien -- System Information: Debian Release: 9.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)