Your message dated Fri, 19 Apr 2024 05:20:35 +0000
with message-id <e1rxgfr-0051rs...@fasolo.debian.org>
and subject line Bug#1069191: fixed in glibc 2.37-18
has caused the Debian Bug report #1069191,
regarding glibc: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix 
out-of-bound writes when writing escape sequence
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1069191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.37-17
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.37-15
Control: found -1 2.36-9+deb12u5
Control: found -1 2.36-9+deb12u4
Control: found -1 2.36-9
Control: found -1 2.31-13+deb11u8
Control: found -1 2.31-13

Hi,

The following vulnerability was published for glibc.

CVE-2024-2961[0]:
| The iconv() function in the GNU C Library versions 2.39 and older
| may overflow the output buffer passed to it by up to 4 bytes when
| converting strings to the ISO-2022-CN-EXT character set, which may
| be used to crash an application or overwrite a neighbouring
| variable.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2961
    https://www.cve.org/CVERecord?id=CVE-2024-2961
[1] https://www.openwall.com/lists/oss-security/2024/04/17/9

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.37-18
Done: Aurelien Jarno <aure...@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1069...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 07:10:32 +0200
Source: glibc
Architecture: source
Version: 2.37-18
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-gl...@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Closes: 1069191
Changes:
 glibc (2.37-18) unstable; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix out-of-bound writes when writing escape sequence in iconv
       ISO-2022-CN-EXT module (CVE-2024-2961).  Closes: #1069191.



--- End Message ---