Your message dated Wed, 21 Nov 2007 22:49:27 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442250: fixed in glibc 2.7-0exp9
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: php5
Severity: minor
Tags: security

Hi,
a CVE has been issued against your package.

CVE-2007-4840[0]:
PHP 5.2.4 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via (1) a long string in the
out_charset parameter to the iconv function; or a long string in the
charset parameter to the (2) iconv_mime_decode_headers, (3)
iconv_mime_decode, or (4) iconv_strlen function.  NOTE: this might not
be a vulnerability in most web server environments that support
multiple threads, unless these issues can be demonstrated for code
execution.

Please include the CVE id in the changelog if you fix this bug.
This should be a minor bug since it is not really exploitable in most
environments.

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4840

Kind regards
Nico
-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[attachment: pgpb5pnSZqHpr.pgp, Description: PGP signature]
--- End Message ---
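The crash in CVE-2007-4840 was reported against php5, but the report above was closed by a glibc upload, so the behaviour worth regression-testing is iconv_open() itself: an oversized charset name in either position must make the call fail with (iconv_t)-1 rather than take the process down. The C program below is an added example, not code from the bug report, from PHP or from glibc. The name lengths (4 KiB, 64 KiB and 16 MiB) are assumptions chosen so that the largest case exceeds a typical 8 MiB main-thread stack; an implementation that copied the name into a stack buffer would not return from that case. A final conversion of UTF-8 "é" to UTF-16BE confirms the library still works after the rejections.

```c
/* Regression probe for the iconv_open() behaviour behind CVE-2007-4840.
 * Added example, not code from the bug report or from glibc.  Sizes are
 * assumptions (see lead-in), not the reporter's proof of concept. */
#include <iconv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build a charset name consisting of n bytes of 'A'; caller frees it. */
static char *make_long_name(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* Call iconv_open() with an oversized name as the "to" charset
 * (to_side != 0) or the "from" charset.  Returns 1 when the call failed
 * cleanly with (iconv_t)-1, 0 when it unexpectedly succeeded or the name
 * could not be allocated.  A library that copied the name onto the stack
 * would crash here instead of returning. */
int probe_long_charset(size_t n, int to_side)
{
    char *name = make_long_name(n);
    if (name == NULL)
        return 0;
    iconv_t cd = to_side ? iconv_open(name, "UTF-8")
                         : iconv_open("UTF-8", name);
    int clean = (cd == (iconv_t)-1);
    if (!clean)
        iconv_close(cd);
    free(name);
    return clean;
}

/* Run the probe in both positions at several sizes (assumed values);
 * returns the number of clean rejections, 6 when every case is rejected. */
int run_probes(void)
{
    const size_t sizes[] = { 4096, 65536, (size_t)16 << 20 };
    int clean = 0;
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        clean += probe_long_charset(sizes[i], 1);
        clean += probe_long_charset(sizes[i], 0);
    }
    return clean;
}

/* Ordinary conversions must still work: UTF-8 "é" (C3 A9) converted to
 * UTF-16BE is 00 E9.  Both encodings are built into glibc and musl, so no
 * external gconv module is needed.  Returns 1 on success. */
int sanity_convert(void)
{
    iconv_t cd = iconv_open("UTF-16BE", "UTF-8");
    if (cd == (iconv_t)-1)
        return 0;
    char in[] = "\xC3\xA9";
    char out[8] = {0};
    char *inp = in, *outp = out;
    size_t inleft = 2, outleft = sizeof out;
    size_t r = iconv(cd, &inp, &inleft, &outp, &outleft);
    iconv_close(cd);
    return r != (size_t)-1 && inleft == 0 && outleft == sizeof out - 2
        && (unsigned char)out[0] == 0x00 && (unsigned char)out[1] == 0xE9;
}

int main(void)
{
    int clean = run_probes();
    int ok = sanity_convert();
    printf("%d/6 oversized charset names rejected cleanly\n", clean);
    printf("sanity conversion %s\n", ok ? "ok" : "FAILED");
    return (clean == 6 && ok) ? 0 : 1;
}
```

Compile with `cc -o iconv_probe iconv_probe.c` (glibc needs no extra library; other libcs may need `-liconv`). Surviving the 16 MiB case is itself the result: the process returning at all means the name was not copied into a fixed-size or stack buffer.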
--- Begin Message ---
Source: glibc
Source-Version: 2.7-0exp9

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive:

glibc-doc_2.7-0exp9_all.deb
  to pool/main/g/glibc/glibc-doc_2.7-0exp9_all.deb
glibc_2.7-0exp9.diff.gz
  to pool/main/g/glibc/glibc_2.7-0exp9.diff.gz
glibc_2.7-0exp9.dsc
  to pool/main/g/glibc/glibc_2.7-0exp9.dsc
libc6.1-alphaev67_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/libc6.1-alphaev67_2.7-0exp9_alpha.deb
libc6.1-dbg_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/libc6.1-dbg_2.7-0exp9_alpha.deb
libc6.1-dev_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/libc6.1-dev_2.7-0exp9_alpha.deb
libc6.1-pic_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/libc6.1-pic_2.7-0exp9_alpha.deb
libc6.1-prof_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/libc6.1-prof_2.7-0exp9_alpha.deb
libc6.1-udeb_2.7-0exp9_alpha.udeb
  to pool/main/g/glibc/libc6.1-udeb_2.7-0exp9_alpha.udeb
libc6.1_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/libc6.1_2.7-0exp9_alpha.deb
libnss-dns-udeb_2.7-0exp9_alpha.udeb
  to pool/main/g/glibc/libnss-dns-udeb_2.7-0exp9_alpha.udeb
libnss-files-udeb_2.7-0exp9_alpha.udeb
  to pool/main/g/glibc/libnss-files-udeb_2.7-0exp9_alpha.udeb
locales-all_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/locales-all_2.7-0exp9_alpha.deb
locales_2.7-0exp9_all.deb
  to pool/main/g/glibc/locales_2.7-0exp9_all.deb
nscd_2.7-0exp9_alpha.deb
  to pool/main/g/glibc/nscd_2.7-0exp9_alpha.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <[EMAIL PROTECTED]> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 18 Nov 2007 22:11:35 +0100
Source: glibc
Binary: libc0.1-prof libc6.1-alphaev67 libc6-dev-amd64 locales-all libc6-i686 libc6-dev-ppc64 libc0.3-pic glibc-doc libc0.3 libc6-dev-mipsn32 libc0.1-i686 libc0.1-i386 libc6-mips64 libc6.1-dev libc6-s390x libnss-files-udeb libc0.1-dev-i386 libc6-dev-sparc64 libc6-i386 libc0.3-dev libc6-udeb libc6-dbg libc6.1-pic libc6-dev libc0.3-prof libc0.1-udeb libc6-dev-i386 libc6.1-prof libc6-mipsn32 libc0.1-dev locales libc6-pic libc0.3-udeb libc6-dev-powerpc libc0.1-pic libc6-ppc64 libc0.3-dbg libc0.1-dbg libc6-amd64 libc0.1 libc6-prof libc6-xen libc6-dev-mips64 libc6-powerpc libc6 libc6-sparcv9b libc6.1-udeb libc6.1-dbg nscd libc6-sparc64 libnss-dns-udeb libc6.1 libc6-dev-s390x
Architecture: source alpha all
Version: 2.7-0exp9
Distribution: experimental
Urgency: low
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <[EMAIL PROTECTED]>
Description: 
 glibc-doc  - GNU C Library: Documentation
 libc6.1    - GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - GNU C Library: Libraries with debugging symbols
 libc6.1-dev - GNU C Library: Development Libraries and Header Files
 libc6.1-pic - GNU C Library: PIC archive library
 libc6.1-prof - GNU C Library: Profiling Libraries
 libc6.1-udeb - GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - GNU C Library: National Language (locale) data [support]
 locales-all - GNU C Library: Precompiled locale data
 nscd       - GNU C Library: Name Service Cache Daemon
Closes: 229251 442250 442568 443460 443660 444145 444580 445631 447221 447328 447866 447928 448248 448508 448796 448928 449193 449198 451304
Changes: 
 glibc (2.7-0exp9) experimental; urgency=low
 .
   [ Clint Adams ]
   * New upstream release with linuxthreads snapshot.
     - Fixes an ABBA deadlock in ld.so.  Closes: #443460.
     - Render dgettext thread safe.  Closes: #443660.
     - Fixes CVE-2007-4840 (multiple errors in iconv function).  Closes: #442250.
     - Remove localedata/locale-de_CH.diff (merged).
     - Update locale/fix-LC_COLLATE-rules.diff.
     - Update locale/LC_COLLATE-keywords-ordering.diff.
     - Update locale/fix-C-first_weekday.diff.
     - Update locale/preprocessor-collate.diff.
     - Update localedata/locales-fr.diff.
     - Remove localedata/locale-sa_IN.diff (merged).
     - Remove localedata/locale-wo_SN.diff (merged).
     - Update localedata/tailor-iso14651_t1.diff.
     - Add localedata/tailor-iso14651_t1-common.diff.
     - Remove localedata/fix-unknown-symbols.diff (merged).
     - Update localedata/first_weekday.diff.
     - Add localedata/cs_CZ-first_weekday.diff.
     - Add localedata/da_DK-first_weekday.diff.
     - Add localedata/pl_PL-first_weekday.diff.
     - Add localedata/de_DE-first_weekday.diff.
     - Add localedata/en_GB-first_weekday.diff.
     - Add localedata/en_US-first_weekday.diff.
     - Add localedata/et_EE-first_weekday.diff.
     - Add localedata/fr_BE-first_weekday.diff.
     - Add localedata/fr_CA-first_weekday.diff.
     - Add localedata/fr_CH-first_weekday.diff.
     - Add localedata/fr_FR-first_weekday.diff.
     - Add localedata/fr_LU-first_weekday.diff.
     - Add localedata/hu_HU-first_weekday.diff.
     - Add localedata/nb_NO-first_weekday.diff.
     - Add localedata/nn_NO-first_weekday.diff.
     - Add localedata/sk_SK-first_weekday.diff.
     - Add localedata/cy_GB-first_weekday.diff.
     - Update localedata/sort-UTF8-first.diff.
     - Remove localedata/submitted-as_IN.diff (merged).
     - Remove hppa/submitted-multiple-threads.diff (merged).
     - Remove hppa/submitted-ustat.diff (merged).
     - Remove hurd-i386/cvs-sigsuspend-nocancel.diff (merged).
     - Remove hurd-i386/cvs-lock-intern.diff (merged).
     - Remove sparc/local-undefined-registers.diff (obsolete).
     - Remove all/local-pt_BR.diff (merged).
     - Remove any/cvs-ld_library_path.diff (merged).
     - Remove any/cvs-initfini.diff (merged).
     - Remove any/cvs-posix-glob.diff (merged).
     - Update any/local-bashisms.diff.
     - Remove any/local-forward-backward-collation.diff (merged).
     - Remove any/local-version-sanity.diff (merged).
     - Remove any/submitted-strtok.diff (merged).
     - Remove any/submitted-regex-collate.diff (merged).
     - Remove localedata/locale-no_NO.diff (obsolete).
     - Update localedata/supported.diff.
   * Bump shlib version to 2.7-1.
   * Add localedata/cvs-locale-ig_NG.diff BZ#5224, missing collation
     symbols for ig_NG.
   * Add localedata/cvs-locale-lo_LA.diff BZ#5237, missing collation
     symbols for lo_LA.
   * Add localedata/cvs-locale-ug_CN.diff BZ#5238, missing collation
     symbols for ug_CN.
 .
   [ Aurelien Jarno ]
   * kfreebsd/local-sysdeps.diff: update to revision 2029 (from glibc-bsd).
   * any/submitted-longdouble.diff: update.
   * Improve any/submitted-rfc3484-sortv4.diff.
   * Update hurd-i386/submitted-trivial.diff.
   * any/local-strfry.diff: new patch to fix strfry(), as Ulrich Drepper
     has still not managed to commit a correct version.
   * Remove hppa/submitted-threaddb.diff (merged).
   * Update hppa/submitted-nptl-carlos.diff.
   * Update hurd-i386/submitted-libc_once.diff.
   * Remove hurd-i386/cvs-ioctl-delay.diff (merged).
   * Update hurd-i386/local-tls-support.diff.
   * Add hurd-i386/cvs-kernel-features.diff: provide almost empty
     kernel-features.h for files that include it.
   * Add arm/local-args6.diff: provide DOCARGS_6 and UNDOCARGS_5 for arm
     old-abi.
   * Add arm/local-lowlevellock.diff: new patch to fix build on arm.
   * debian/rules, debian/rules.d/build.mk: allow per architecture
     TIMEOUTFACTOR.
   * sysdeps/arm.mk, sysdeps/armel.mk, sysdeps/hppa.mk, sysdeps/s390.mk,
     sysdeps/sh4.mk: define TIMEOUTFACTOR.
   * locales-depver: tighten locales dependencies.
   * any/local-disable-test-tgmath2.diff: new patch to disable
     test-tgmath2, which takes too many resources during compilation.
   * Add hurd-i386/submitted-strtoul.diff: new patch to use
     __strtoul_internal() instead of strtoul() in internal functions.
   * Add hurd-i386/submitted-ptr-mangle.diff: new patch to define
     PTR_MANGLE and PTR_DEMANGLE.
   * Update Galician debconf translation, by Jacobo Tarrio.  Closes: #447928.
   * Update Dutch debconf translation, by Bart Cornelis.  Closes: #448928.
   * Add sh4/local-fpscr_values.diff and any/local-allocalim-header.diff
     from Arthur Loiret.  Closes: #448248.
   * Fix encoding of Japanese translation.  Closes: #447221.
   * Add any/submitted-sched_h.diff: new patch to define __CPU_ALLOC_SIZE.
   * Add mips/local-setjmp.diff: new patch to fix g++ tests on mips/mipsel.
   * Add any/local-fhs-nscd.diff: move nscd directory to /var/cache/nscd
     from /var/db/nscd.  Closes: #449198.
   * debhelper.in/nscd.postrm: remove /var/cache/nscd on purge.
     Closes: #449193.
   * script.in/kernelcheck.sh, sysdeps/alpha.mk: bump minimum kernel
     version to 2.6.9 for alpha.
   * script.in/kernelcheck.sh, sysdeps/sh4.mk: bump minimum kernel
     version to 2.6.11 for sh4.
   * debian/patches/arm/local-eabi-wchar.diff: new patch from Riku Voipio
     to fix WCHAR_MIN and WCHAR_MAX definitions on armel.  Closes: #444580.
   * debian/po/zh_CN.po: update from LI Daobing.  Closes: #447866.
   * debhelper.in/locales-all.postinst: trap exit signal and remove
     temporary directory.  Closes: #447328.
   * debhelper.in/libc.NEWS: mention that the tzconfig script has been
     replaced by the maintainer scripts of tzdata.  Closes: bug#448796.
   * patches/all/local-alias-et_EE.diff: switch Estonian locales alias to
     ISO-8859-15.
   * patches/alpha/submitted-fpu-round.diff: restore the old version of
     ceil/floor/rint functions.  Closes: #442568.
   * patches/alpha/local-dl-procinfo.diff: new patch to add platform
     capabilities support on alpha.
   * Add an ev67 flavour on alpha: Closes: #229251
     - control.in/opt: add libc6-alphaev67 packages.
     - sysdeps/alpha.mk: add a new pass for ev67 flavour.
   * debian/local/manpages/iconv.1: document //translit and //ignore
     options.  Closes: #451304.
   * debian/local/manpages/getent.1: document exit codes.  Closes: #445631.
   * debian/local/manpages/ld.so.8: document $ORIGIN, $PLATFORM and $LIB
     features.  Closes: #444145.
 .
   [ Petr Salinger ]
   * any/local-linuxthreads-unwind.diff: provide unwind-resume routine for
     linuxthreads.
   * any/local-stdio-lock.diff: make _IO_*_lock linuxthreads compliant.
   * any/local-o_cloexec.diff: don't assume O_CLOEXEC is always defined.
   * any/local-linuxthreads-signals.diff: always use non-RT signal handler
     on GNU/kFreeBSD.
 .
   [ Pierre Habouzit ]
   * Remove any/local-iconv-fix-trampoline.diff (obsolete).
   * Remove any/submitted-strfry.diff (merged).
   * Update any/submitted-rfc3484-sortv4.diff.
   * Update localedata/*first_weekday.diff.
   * Remove localedata/fix-am_ET.diff (obsolete).
   * Add locale/preprocessor-collate-uli-sucks.diff to revert Ulrich's
     preprocessor that isn't enough for Debian.
   * Update patches/locale/preprocessor-collate.diff.
   * Add alpha/submitted-PTR_MANGLE.diff (Closes: #448508).
 .
   [ Samuel Thibault ]
   * hurd-i386/submitted-ptr-mangle.diff: Define PTR_MANGLE for assembly.
Files: 
 a5d06d459ece744e00abf72a7579f74e 2080 libs required glibc_2.7-0exp9.dsc
 c186e9194eff62ed85ec0e80332482dd 673154 libs required glibc_2.7-0exp9.diff.gz
 1b95e62c7af7ed5a9345539eef4f0da5 1622848 doc optional glibc-doc_2.7-0exp9_all.deb
 f9777e15307ae0344425722a374dece7 4487518 libs standard locales_2.7-0exp9_all.deb
 32da6d4e7e90048b137e82c0d1e33082 5175550 libs required libc6.1_2.7-0exp9_alpha.deb
 29a8f03cde9c51b88dbcade690585267 3022538 libdevel optional libc6.1-dev_2.7-0exp9_alpha.deb
 2f51e60ad3b1e390f14cd118ff6e9b12 2482288 libdevel extra libc6.1-prof_2.7-0exp9_alpha.deb
 f0e957a3c165e1ac8cb90ac6176ae348 1760284 libdevel optional libc6.1-pic_2.7-0exp9_alpha.deb
 6d295999145edacfd67b86f57d3a41a5 2774844 libs extra locales-all_2.7-0exp9_alpha.deb
 453ebad41012dcdda888416b058b6b14 1556180 libs extra libc6.1-alphaev67_2.7-0exp9_alpha.deb
 daca2587e27785ef471feb7921e072ce 169898 admin optional nscd_2.7-0exp9_alpha.deb
 7a3d73b4e5b98d651630b4be0b810796 5618922 libdevel extra libc6.1-dbg_2.7-0exp9_alpha.deb
 4bde0e314bf397b7c5ac46d9d380491f 1263398 debian-installer extra libc6.1-udeb_2.7-0exp9_alpha.udeb
 7caa00e624a592f6f439e446bd5aae96 10614 debian-installer extra libnss-dns-udeb_2.7-0exp9_alpha.udeb
 cc9b7cb8b9bc15a0953779757600e7dd 18302 debian-installer extra libnss-files-udeb_2.7-0exp9_alpha.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHQq/ow3ao2vG823MRAuerAJ9JWqwMkTruoZCHgD9JgLJDmoELUQCdEj7l
68qBhUVmQhBTzYhPaV/Urp8=
=w1Ms
-----END PGP SIGNATURE-----
--- End Message ---