Your message dated Fri, 19 Apr 2024 05:20:35 +0000 with message-id <e1rxgfr-0051rs...@fasolo.debian.org> and subject line Bug#1069191: fixed in glibc 2.37-18 has caused the Debian Bug report #1069191, regarding glibc: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1069191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069191
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.37-17
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.37-15
Control: found -1 2.36-9+deb12u5
Control: found -1 2.36-9+deb12u4
Control: found -1 2.36-9
Control: found -1 2.31-13+deb11u8
Control: found -1 2.31-13

Hi,

The following vulnerability was published for glibc.

CVE-2024-2961[0]:
| The iconv() function in the GNU C Library versions 2.39 and older
| may overflow the output buffer passed to it by up to 4 bytes when
| converting strings to the ISO-2022-CN-EXT character set, which may
| be used to crash an application or overwrite a neighbouring
| variable.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-2961
    https://www.cve.org/CVERecord?id=CVE-2024-2961
[1] https://www.openwall.com/lists/oss-security/2024/04/17/9

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.37-18
Done: Aurelien Jarno <aure...@debian.org>

We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 19 Apr 2024 07:10:32 +0200
Source: glibc
Architecture: source
Version: 2.37-18
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Closes: 1069191
Changes:
 glibc (2.37-18) unstable; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix out-of-bound writes when writing escape sequence in iconv
       ISO-2022-CN-EXT module (CVE-2024-2961). Closes: #1069191.
--- End Message ---