Your message dated Tue, 27 Jan 2026 00:08:53 +0000
with message-id <[email protected]>
and subject line Bug#1126266: fixed in glibc 2.42-11
has caused the Debian Bug report #1126266,
regarding glibc: CVE-2025-15281
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1126266: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126266
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glibc
Version: 2.42-10
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for glibc.

CVE-2025-15281[0]:
| Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in
| the GNU C Library version 2.0 to version 2.42 may cause the
| interface to return uninitialized memory in the we_wordv member,
| which on subsequent calls to wordfree may abort the process.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-15281
    https://www.cve.org/CVERecord?id=CVE-2025-15281
[1] https://www.openwall.com/lists/oss-security/2026/01/20/3
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=80cc58ea2de214f85b0a1d902a3b668ad2ecb302

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
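
Added example, not part of the original bug report and not glibc or Debian code: a caller-side wrapper for the flag combination named in the CVE text above. The helper name wordexp_checked is hypothetical; it frees and zeroes the wordexp_t itself so that WRDE_REUSE and WRDE_APPEND never reach wordexp() together, on the assumption that the caller only wants the newly expanded words.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper (not a glibc API). If the caller asks for
   WRDE_REUSE | WRDE_APPEND, release the old expansion here and hand
   wordexp() a clean structure with both flags cleared. */
int wordexp_checked(const char *words, wordexp_t *we, int flags)
{
    if ((flags & WRDE_REUSE) && (flags & WRDE_APPEND)) {
        size_t offs = we->we_offs;  /* caller-set; only used with WRDE_DOOFFS */
        wordfree(we);               /* free the previous we_wordv ourselves */
        memset(we, 0, sizeof *we);  /* leave no stale we_wordv / we_wordc */
        we->we_offs = offs;
        /* Nothing is left to reuse or to append to. */
        flags &= ~(WRDE_REUSE | WRDE_APPEND);
    }
    return wordexp(words, we, flags);
}

int main(void)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);

    /* Constructed sample input: plain words, no command substitution. */
    if (wordexp_checked("alpha beta", &we, 0) != 0)
        return 1;
    if (wordexp_checked("gamma", &we, WRDE_REUSE | WRDE_APPEND) != 0)
        return 1;

    for (size_t i = 0; i < we.we_wordc; i++)
        printf("%zu: %s\n", i, we.we_wordv[i]);

    wordfree(&we);  /* we_wordv is fully initialized, so this is safe */
    return 0;
}
```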
--- Begin Message ---
Source: glibc
Source-Version: 2.42-11
Done: Aurelien Jarno <[email protected]>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <[email protected]> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Jan 2026 23:40:35 +0100
Source: glibc
Architecture: source
Version: 2.42-11
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <[email protected]>
Changed-By: Aurelien Jarno <[email protected]>
Closes: 1126266
Changes:
 glibc (2.42-11) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * debian/patches/hurd-i386/local-execstack.diff: Work around missing execstack
     on libc.so.
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix bug in wordexp, which could return uninitialized memory when using
       WRDE_REUSE together with WRDE_APPEND (CVE-2025-15281).  Closes: #1126266.
     - Switch currency symbol for the bg_BG locale to euro.



--- End Message ---
