Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7028afc1 by Salvatore Bonaccorso at 2026-03-11T17:33:44+01:00
Update status for CVE-2026-3904/glibc
The change was actually cherry-picked already for glibc/2.36-9 with an
updated git-updates.diff:
* debian/patches/git-updates.diff: update from upstream stable branch:
- Prevent SIGSEGV in the SSE2 version of memcmp when data is concurrently
modified. Closes: #1033931.
Add as well Debian bug reference for the report back in 2023.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-3904 [nscd client crash on x86_64 under high nscd load]
- - glibc 2.37-3
+ - glibc 2.36-9 (bug #1033931)
[bullseye] - glibc <not-affected> (Vulnerable code introduced later)
NOTE:
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2026-0004
NOTE: Introduced with:
https://sourceware.org/git/?p=glibc.git;a=commit;h=8804157ad9da39631703b92315460808eac86b0c
(glibc-2.36)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7028afc189b17f3106e117eef4b60b4da32ef9fa
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7028afc189b17f3106e117eef4b60b4da32ef9fa
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
