Your message dated Tue, 23 Apr 2024 16:47:08 +0000 with message-id <e1rzjis-00a6ao...@fasolo.debian.org> and subject line Bug#1069191: fixed in glibc 2.36-9+deb12u6 has caused the Debian Bug report #1069191, regarding glibc: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1069191: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069191 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: glibc Version: 2.37-17 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.37-15 Control: found -1 2.36-9+deb12u5 Control: found -1 2.36-9+deb12u4 Control: found -1 2.36-9 Control: found -1 2.31-13+deb11u8 Control: found -1 2.31-13 Hi, The following vulnerability was published for glibc. CVE-2024-2961[0]: | The iconv() function in the GNU C Library versions 2.39 and older | may overflow the output buffer passed to it by up to 4 bytes when | converting strings to the ISO-2022-CN-EXT character set, which may | be used to crash an application or overwrite a neighbouring | variable. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2024-2961 https://www.cve.org/CVERecord?id=CVE-2024-2961 [1] https://www.openwall.com/lists/oss-security/2024/04/17/9 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: glibc Source-Version: 2.36-9+deb12u6 Done: Aurelien Jarno <aure...@debian.org> We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1069...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 19 Apr 2024 18:34:04 +0200 Source: glibc Architecture: source Version: 2.36-9+deb12u6 Distribution: bookworm-security Urgency: medium Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org> Changed-By: Aurelien Jarno <aure...@debian.org> Closes: 1069191 Changes: glibc (2.36-9+deb12u6) bookworm-security; urgency=medium . * debian/patches/any/local-CVE-2024-2961-iso-2022-cn-ext.diff: Fix out-of-bound writes when writing escape sequence in iconv ISO-2022-CN-EXT module (CVE-2024-2961). Closes: #1069191. Checksums-Sha1: 89201c9a3dc4b12a21085158cc671e65ef2cd2d2 9761 glibc_2.36-9+deb12u6.dsc ce2b34137062a0ddba922d5b34a80770737bb59c 858672 glibc_2.36-9+deb12u6.debian.tar.xz a44d3239eba25b6c7f4ce2756457d71ae0b857ac 9744 glibc_2.36-9+deb12u6_source.buildinfo Checksums-Sha256: fbd6a3b34c8019bc677c1aa3c55a7cdd2fac0f5226151d408cbf107e89002c10 9761 glibc_2.36-9+deb12u6.dsc dab8173d6a6393b50ed0737bd32ff993a3fa7bf4a837573eab8c67f1391ecb12 858672 glibc_2.36-9+deb12u6.debian.tar.xz 7ee850a9b13f43b44460b82fd59ca548b22123dd500bf942c3af4acbbb957bf6 9744 glibc_2.36-9+deb12u6_source.buildinfo Files: d98990edb6c22014e5b8c48aa43152c9 9761 libs required glibc_2.36-9+deb12u6.dsc 65d05b6e083f7e0d364a30fa0349efd9 858672 libs required glibc_2.36-9+deb12u6.debian.tar.xz 1cdb197b7714c8fd5c6e9ca7d19aa569 9744 libs required glibc_2.36-9+deb12u6_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmYirqMACgkQE4jA+Jno M2sPNQ/+LTclWWW5JsLlpFpI1n0eCno6yzVxuU7nW31IffIRQ/eNYPqKa2iM+Wi+ q41DfI/0KV8yLdVkGiTofVK4RnFAAwN7FIzX0NBazCNlhr3cgBOR33YS8ep0bOfN EjXAS0PYsUwCB1Rf5ozKja6j0Lt8oWoodhRYayL29/WA8yf7oJru/Xaho0bVj68B lP29vRFEtNeBcG+s9iR617jlnUrbyY+1qCP5CwtRH6cBTKM6RozK8hCcNiw/BSwx S9wK+62oMNOpUJaOJLfuIygJH0nwaHzKQU+MQkQhI97ROeJJkGOhzBjAZK44CjkZ HYsizViEUO2Qjq5stTuExD6uYeLK9lcmlhwRgQVqqyQTRKoUOssQDeiNY/SyYscH 3f/HbUJ4QYQ5mlnpYrP3i7EQ2qHbzHEy6qgnmhhnoiPBr7vFQ7/CijIzt7RF78E8 B3XWTiWFuy5SCouXtEoJHhWrE2XNU/w5Ucpe+e2R23mnu5362ECGGvT+WHU2maaD TBdCwNYqw1oA5iy5XwF/FdlRqSEQk88vohl73EFPHl9HTyYiKcxlocQgRFRumv7x NFPHMxk27kGm7kXJb0FtBT7XOX+XUOjbCYRiNqWMlT/mH8bFg/Ey5KXI9TKXUjHB +fQKMYdXSn9O1waG9XFkDmz5TmrbP2+4vv9iahgXoanYnezUKCY= =p/cK -----END PGP SIGNATURE-----pgpJxbA8Mzw_d.pgp
Description: PGP signature
--- End Message ---