glibc_2.31-13+deb11u8_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Thank you for your contribution to Debian. Mapping bullseye to oldstable. Mapping oldstable to oldstable-proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Jan 2024 23:58:14 +0100 Source: glibc Architecture: source Version: 2.31-13+deb11u8 Distribution: bullseye Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Changes: glibc (2.31-13+deb11u8) bullseye; urgency=medium . * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption in qsort() when using nontransitive comparison functions. Checksums-Sha1: 92e10acfc3f42a8dd6745f2ac4d4fe3185462753 8347 glibc_2.31-13+deb11u8.dsc 61f429ddad0cb80fc19a25913bd36489e050a20a 960488 glibc_2.31-13+deb11u8.debian.tar.xz 40582702c75f3a1c36c837e112785df5462d16ac 9255 glibc_2.31-13+deb11u8_source.buildinfo Checksums-Sha256: a2b6b4147f2f39c8b0ae69605b4c6b5cad2a2cb64c5fd308e1fc1da97a836683 8347 glibc_2.31-13+deb11u8.dsc 9a1efa1b0b5c8ff7779c4c631cfefa371172c6bd1cbdb2be4bbc1dc1d4e91179 960488 glibc_2.31-13+deb11u8.debian.tar.xz a01bd1ce5af38d117ef20e4c6e197523ad8d31aedfc127a921fb2558cd60d214 9255 glibc_2.31-13+deb11u8_source.buildinfo Files: b1a315e73603ad56a942941eb3bdf152 8347 libs required glibc_2.31-13+deb11u8.dsc 6990852e97414ec19967860bc297c829 960488 libs required glibc_2.31-13+deb11u8.debian.tar.xz 17a2a827e09c558064a79977e75af2e4 9255 libs required glibc_2.31-13+deb11u8_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmW23pIACgkQE4jA+Jno M2sSuw/+NqfPRicVwkE/CewQNhSLig+K/sgjiYNWCjwE2Clo3DQa88nfzg1IeDSJ oTbb7WHx5HnV9QOLsYlUJ9Jt/+tI8NU+4I+tW9uvfNX8r2vHamZXMcVoTs/Qtqmi ycQtjUPP6B0MQjPR3PbDcrVN/NFkb6WlzGf3mqhF4KkqYIR/OCSaEQ6sYGBW2Nsy zMBQ6h6ViNBsnBjGagsYqoS6cKRHRPljrxRXEbRV+XY+fsVd7BXD5tAWGVx1+YMC cfjhqfRwnXcIRONe+/eIEPJdR7tKVyhesPa/HyJE6LdX0Lo7RCadtOJB+Id+m6Ge P1ZQOjccylwcxyDljmrBWLiN8pySeb9UEKh4UCUXX7GEM1A/nnxv5MiNJFjVKJ0h 2cL5dnabW2ZDSUb/Gd5FBA821LfSbC/wpCU+/TXCV2Aj3Z53M47Iw2X0MsZLF9s9 3pTyRVWoECutkSu5Ov0Qnw0pMT4H7Lrfa0aKcqxC7FQMGL1MgSXvSfzen0iCv7Eu xVbVHQAXFYVB45ugQu2lHy2HG4Wg3DnJMc8HQBHlh2/DN0B+pw/8+ShRX5aIrxTr eP167iEF64Ypd7ze5g1lQdQexgWHo+zQ241gg95GJDNcdOBG5bwwcOqmyeD79Mc3 OYURkTuZWXXR/T6z7ojITja69//P/wenRBK8vyE50gyV+hq6/R4= =cMve -END PGP SIGNATURE-
Processing of glibc_2.31-13+deb11u8_source.changes
glibc_2.31-13+deb11u8_source.changes uploaded successfully to localhost along with the files: glibc_2.31-13+deb11u8.dsc glibc_2.31-13+deb11u8.debian.tar.xz glibc_2.31-13+deb11u8_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Bug#1062006: bullseye-pu: package glibc/2.31-13+deb11u8
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: gl...@packages.debian.org
Control: affects -1 + src:glibc
[ Reason ]
A memory corruption was discovered in the glibc's qsort()
function, due to missing bounds check and when called by a program
with a non-transitive comparison function and a large number of
attacker-controlled elements. As the use of qsort() with a
non-transitive comparison function is undefined according to POSIX and
ISO C standards, this is not considered a vulnerability in the glibc
itself (hence no CVE number has been assigned).
However as misbehaving callers seems to be relatively common, it is
still a security issue and the qsort() function needs to be hardened
against them.
[ Impact ]
Installations will be left vulnerable to the qsort() security issue.
[ Tests ]
There is no specific test added for that change, however there are a few
upstream tests checking qsort().
[ Risks ]
The code change is very simple, and has been reviewed as part of
DSA-561-11. In addition a similar change went upstream a few weeks ago:
https://sourceware.org/git/?p=glibc.git;a=commit;h=e4d8117b82065dc72e8df80097360e7c05a349b9
https://sourceware.org/git/?p=glibc.git;a=commit;h=b9390ba93676c4b1e87e218af5e7e4bb596312ac
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
The change basically just add a bounds check to a test. This is what got
uploaded in 2.36-9+deb12u4 for bookworm-security and 2.37-15 for
unstable.
[ Other info ]
Given the limited changes, I have already uploaded the package to the
archive. Thanks for considering.
diff -Nru glibc-2.31/debian/changelog glibc-2.31/debian/changelog
--- glibc-2.31/debian/changelog 2023-10-02 22:22:57.0 +0200
+++ glibc-2.31/debian/changelog 2024-01-28 23:58:14.0 +0100
@@ -1,3 +1,10 @@
+glibc (2.31-13+deb11u8) bullseye; urgency=medium
+
+ * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory
+corruption in qsort() when using nontransitive comparison functions.
+
+ -- Aurelien Jarno Sun, 28 Jan 2024 23:58:14 +0100
+
glibc (2.31-13+deb11u7) bullseye-security; urgency=medium
* debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the
diff -Nru glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch
glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch
--- glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch
1970-01-01 01:00:00.0 +0100
+++ glibc-2.31/debian/patches/any/local-qsort-memory-corruption.patch
2024-01-28 23:58:14.0 +0100
@@ -0,0 +1,13 @@
+diff -rup a/stdlib/qsort.c b/stdlib/qsort.c
+--- a/stdlib/qsort.c 2023-07-31 10:54:16.0 -0700
b/stdlib/qsort.c 2024-01-15 09:08:25.596167959 -0800
+@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t to
+ while ((run_ptr += size) <= end_ptr)
+ {
+ tmp_ptr = run_ptr - size;
+- while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
++ while (tmp_ptr != base_ptr
++ && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
+ tmp_ptr -= size;
+
+ tmp_ptr += size;
diff -Nru glibc-2.31/debian/patches/series glibc-2.31/debian/patches/series
--- glibc-2.31/debian/patches/series2023-10-02 22:18:17.0 +0200
+++ glibc-2.31/debian/patches/series2024-01-28 23:58:14.0 +0100
@@ -170,3 +170,4 @@
any/git-ld.so-cache-endianness-markup.diff
any/local-CVE-2021-33574-mq_notify-use-after-free.diff
any/local-CVE-2023-4911.patch
+any/local-qsort-memory-corruption.patch
[Git][glibc-team/glibc] Pushed new tag debian/2.31-13+deb11u8
Aurelien Jarno pushed new tag debian/2.31-13+deb11u8 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.31-13+deb11u8 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc][bullseye] 2 commits: debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory...
Aurelien Jarno pushed to branch bullseye at GNU Libc Maintainers / glibc Commits: 5bd3c879 by Aurelien Jarno at 2024-01-28T23:37:41+01:00 debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption in qsort() when using nontransitive comparison functions. - - - - - 0b339949 by Aurelien Jarno at 2024-01-29T00:01:39+01:00 releasing package glibc version 2.31-13+deb11u8 - - - - - 3 changed files: - debian/changelog - + debian/patches/any/local-qsort-memory-corruption.patch - debian/patches/series View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/28c9092d857736d40cfe77cd6adcf7d7e6ab0eb0...0b339949abdb41aa805b7ab1e137ce07f9cfa175 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/28c9092d857736d40cfe77cd6adcf7d7e6ab0eb0...0b339949abdb41aa805b7ab1e137ce07f9cfa175 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new branch bookworm-security
Aurelien Jarno pushed new branch bookworm-security at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/bookworm-security You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new tag debian/2.36-9+deb12u4
Aurelien Jarno pushed new tag debian/2.36-9+deb12u4 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.36-9+deb12u4 You're receiving this email because of your account on salsa.debian.org.
glibc_2.38-6_source.changes ACCEPTED into experimental
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Jan 2024 19:28:04 +0100 Source: glibc Architecture: source Version: 2.38-6 Distribution: experimental Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Changes: glibc (2.38-6) experimental; urgency=medium . * Merge from unstable. Checksums-Sha1: 751f06dbc13baae7ea32655d9a1114a8f523e772 9079 glibc_2.38-6.dsc 185919c14989696c07075cd091699db316450434 407160 glibc_2.38-6.debian.tar.xz f1581d36829b6dc799641a984d3dc581c50a 10285 glibc_2.38-6_source.buildinfo Checksums-Sha256: fae5c685d5e48368b0ae1d438676c8841463d38e8e02fa2cc0f6d4fd58b8d046 9079 glibc_2.38-6.dsc 72a64bc334e9d74f9475ee307166c5112a88251c498a9244069ddeccf63f8c03 407160 glibc_2.38-6.debian.tar.xz 9afa7cf5603c03e0f24beb2b8ea899ea26c95d29e7dc2d71aec8cf0a88f6b550 10285 glibc_2.38-6_source.buildinfo Files: c3a902ba78936a8ae2ec853d4549819a 9079 libs required glibc_2.38-6.dsc f1476516e07661813b367c694eba2250 407160 libs required glibc_2.38-6.debian.tar.xz 210aa6caf68706f68c834d9dfb434232 10285 libs required glibc_2.38-6_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmW5QDEACgkQE4jA+Jno M2v9rRAAgE+gTNC+f3cd44ivq73o0yEvH/X0jQdOS95rseqwfe9Eu0gsRIsT8HTR oZdE03M+S88isLW/PtJAucXI3hCqT2KVwcv6/XH2O6QevvT+4Uet/PnBJCQlORYe dC2KRE+udWPYzguklSfzDpNmvukwH2OpocmhX2M08hF/fXmyqCeL2q1s+qi4/sEq YEMCAs+shYw0Bh12NrpSxPJEKdOQ4ijJQcVFc3P8NkRrj2r6Zc5SXQaG6SjdQuEV XvDorVFJ/0TI0CWRF3+zpKAHmC+WGeZFjz58VCStpiDg3FXKitPOGFGVXQSA9Ngp 5Iek7Jm1cys5ARCFPPhWt+hhahrBd0fUD7HJM4Siuksz20h7eCwSNYoWrwyKJbqy gHwYdjcFaLnP5zzat58wLHLuL0fySphWvgzkae/d7MvLAyzWhIljfh/f3JwSKhJE 9m7H12duaV1yNXhcXU+ZwhKTXt1mARNFeGL2TL5QuiASNVJZtesbEPCxzS6G9zUq Ps8iH3ktsWsQY828RhwoOkZ9awBeq26mcLoVGCnKpvF0dhBZGuz5WfGqgdRlGxB9 4duZpVR5SWkdkXurVQ1UtcTox9X1Sxh9EWK95NEeXfzrQ9FOgfJjufRIhhir7Htk iBfTF9xS7PldY4F8TP/jjk4sLRHhcbp0mKjKqN4J2IT/sv4+SIw= =SztO -END PGP SIGNATURE-
glibc_2.37-15_source.changes ACCEPTED into unstable
Thank you for your contribution to Debian. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Jan 2024 19:20:04 +0100 Source: glibc Architecture: source Version: 2.37-15 Distribution: unstable Urgency: critical Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Changes: glibc (2.37-15) unstable; urgency=critical . * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a heap buffer overflow in __vsyslog_internal (CVE-2023-6246). - Fix an off-by-one heap buffer overflow in __vsyslog_internal (CVE-2023-6779). - Fix an integer overflow in __vsyslog_internal (CVE-2023-6780). * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption in qsort() when using nontransitive comparison functions. * Set urgency to critical given the security issues. Checksums-Sha1: efaac7aeb6b8a45a930ba197e3cfafbeae73478a 9043 glibc_2.37-15.dsc 86deae1ef76eb82118d6f0a616835d8084a6a3dc 411436 glibc_2.37-15.debian.tar.xz a2103318c4a8fb8ed33229aad90758975ff75394 10289 glibc_2.37-15_source.buildinfo Checksums-Sha256: 351a0d3904528628e75d53037e723f7ea32f61b8914481b056e1e46fc0f6fecd 9043 glibc_2.37-15.dsc 2fa1bfb802b34bc955fe5c66339af921d3db07429317c0142b689b5cbf38c5eb 411436 glibc_2.37-15.debian.tar.xz d1cf163c22f74f37b0bb7f95ba20e71c141665b5d8bb49cc08a8c90c13de2279 10289 glibc_2.37-15_source.buildinfo Files: 09e776e247156c81c3b67b12a6443fa8 9043 libs required glibc_2.37-15.dsc b40584e5b6b568f6575ae4eefd31e1ab 411436 libs required glibc_2.37-15.debian.tar.xz 5b073451619575fa623702288d556cc4 10289 libs required glibc_2.37-15_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmW5PuIACgkQE4jA+Jno M2s+xQ/+JBfUYkjZsSm5WPUAny05RUE1xsx2/K1nQrwL0UNqvoge1ihUbrHCOMNy GEa6bjOcKiDnGpUrZNvz8QT5N0eEnjY4/0CRIc2PNau/bD12fJoROP+1f3DHWBcR /ekQoAZ+hZ05H8HAYRcLsAIp3IMtKjmLg9JrXrL/mwRZwbUOLycJ98L2snarH+9+ wuVwblU71f7XU3CqrYvHiKX4Yegzj9Bl6bakeqXobo3sFGeMD9tpYubHxKPE9RxE h7l32gh8lklxselCZi1f5tma6U1E82mr/b6D1LBmnLMffGSmz+mINlx/wYmsxpXp BLcWCrjfBdnf9xEt8y9oZuyEBC4HxHotfkEKYS3KvaLZ7e+Dmp8Uj3p89RhJ7ZZD f7ivJJBWmaifyWav7je+pbRira5m0QcBKwe3csRj+jPkE2HFdyw3l25wqMgoRvHm NmMfu9bKniFyW/7jS7ZNiflXuZfV2K2zeJkfUBmN0jjVjzxfqWRChq1/MBi8wK+J eAItien59oSCuV71jBFPvjWvtNmwyMmL1miK4T/WTNRIWR/QRuk4Jf11p9bbzOm5 SQHu7qpw9eihmRCA6kXTAqbdu5jeYq6Lnt4Fdq4FtHcOhXsu1PgE5GS+kHouWbZ9 /hhp3wDyqVEFl56Fto6saNdChlUbKFD4OKrQo2NP9TV61OJ0h1A= =r5uP -END PGP SIGNATURE-
glibc_2.36-9+deb12u4_source.changes ACCEPTED into proposed-updates->stable-new
Thank you for your contribution to Debian. Mapping stable-security to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 23 Jan 2024 21:57:06 +0100 Source: glibc Architecture: source Version: 2.36-9+deb12u4 Distribution: bookworm-security Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Changes: glibc (2.36-9+deb12u4) bookworm-security; urgency=medium . * debian/patches/any/local-CVE-2023-6246.patch: Fix a heap buffer overflow in __vsyslog_internal (CVE-2023-6246). * debian/patches/any/local-CVE-2023-6779.patch: Fix an off-by-one heap buffer overflow in __vsyslog_internal (CVE-2023-6779). * debian/patches/any/local-CVE-2023-6780.patch: Fix an integer overflow in __vsyslog_internal (CVE-2023-6780). * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption in qsort() when using nontransitive comparison functions. Checksums-Sha1: fd0a00980ed101793543d0add5a65e28c0c3de70 9761 glibc_2.36-9+deb12u4.dsc 5176893fae2fe55f6f4e2acb9fbc301176805f0b 862120 glibc_2.36-9+deb12u4.debian.tar.xz 473acf011a52c9352aaf2a8a1702e2ceedf189df 9681 glibc_2.36-9+deb12u4_source.buildinfo Checksums-Sha256: 9bb617509a73c40b9885fc543e6b7a2b064b0c1e93043fba763a55c0a05a2f38 9761 glibc_2.36-9+deb12u4.dsc b650ed666dd8388b576c8b298abe26cfd0a0c548314e4d29674bd19b48e7b4b4 862120 glibc_2.36-9+deb12u4.debian.tar.xz 2c70daf1754654a09d1fc4efcbb676b2c1f4c26c89279ee9a49df611a43d21e8 9681 glibc_2.36-9+deb12u4_source.buildinfo Files: 609653fb3acbc08809636e95f192eaa5 9761 libs required glibc_2.36-9+deb12u4.dsc bef06cf1608c3514da2ccc16c3cf385d 862120 libs required glibc_2.36-9+deb12u4.debian.tar.xz f01cdf8092592a638be41acf7cb09197 9681 libs required glibc_2.36-9+deb12u4_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmWwKJYACgkQE4jA+Jno M2toSA//VZztWgemjpO14toyyozuPdJBjmE33kyZKLJu8/xAW7uRb0HJhhlwC1Dc meln9rHE1Et5vA2Vb+7Mx8+4PslXTbl/LQrU9X6Oe7aH85FMBtmGQeTc9XKJvAL6 VjpUj6a+oKRKJPSbSQXhz2qyGP8dT7GBlma2qBfFZ0pehMNhQoOzpunKjz/hHIqB CtDt05yNDiXwnIq9rM13yFi/z/i3p6yUzcInV685TjtEIzm1z6HVXBPNkF2lddEU oG8CVAO8Smiw95IMbxyHB1sVveEdcz1mwPhohjGuPzRtnzKd1v/BiiDunmeoKH88 1CNc6hPXOEWcjPU/6k1BmPEqNd0USZkSSNVGV4yo7g9ohJDoGcyke1fcm3wsxh6O oRsuSiETT4xyE5pyJhDGMPzmRktiHYiFhivCj9MQGAppCx0A8+oeqPUNoeu5/N9t nVxld7RpQrYolHDyITuVkHWKO9LwpdjQi7zRdDG8r39jXgQBFVlZO18XHjFxN9oq xsmNiiclxRT0gferZuUhr/DDLQDGDry9T8l7YlqIdJL8LjzNF884owZq723EiglU JGzqjYHL+rTNbfeFruw7J3Me0v/DVLGPCbmVa24YdhVTGHkBQ6+tz7vAD6OATt2b oX9hwquBm8b9c4iqvBuMQenE/8/kDot9IDjFQp22wqPmHc7pVGM= =eXi9 -END PGP SIGNATURE-
Processing of glibc_2.38-6_source.changes
glibc_2.38-6_source.changes uploaded successfully to localhost along with the files: glibc_2.38-6.dsc glibc_2.38-6.debian.tar.xz glibc_2.38-6_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Processing of glibc_2.37-15_source.changes
glibc_2.37-15_source.changes uploaded successfully to localhost along with the files: glibc_2.37-15.dsc glibc_2.37-15.debian.tar.xz glibc_2.37-15_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
[Git][glibc-team/glibc][glibc-2.38] 9 commits: debian/debhelper.in/locales.config: always ask for the default locale, even if...
Aurelien Jarno pushed to branch glibc-2.38 at GNU Libc Maintainers / glibc Commits: 79dd4ae0 by Aurelien Jarno at 2024-01-09T23:54:17+01:00 debian/debhelper.in/locales.config: always ask for the default locale, even if none are generated. This enables choosing C.UTF-8 as the default locale. Closes: #1060288. - - - - - 7442c1ad by Aurelien Jarno at 2024-01-22T22:45:01+01:00 debian/patches/git-updates.diff: update from upstream stable branch. - - - - - 947c4ea2 by Aurelien Jarno at 2024-01-22T22:51:08+01:00 debian/tests/control: disable autopkgtest on arm64, as the debci runners to do not have enough resources for some of the tests anymore. Closes: #1060202. - - - - - 5844d1db by Aurelien Jarno at 2024-01-23T07:13:43+01:00 releasing package glibc version 2.37-14 - - - - - f0839e5c by Aurelien Jarno at 2024-01-30T19:14:04+01:00 debian/patches/git-updates.diff: update from upstream stable branch: * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a heap buffer overflow in __vsyslog_internal (CVE-2023-6246). - Fix an off-by-one heap buffer overflow in __vsyslog_internal (CVE-2023-6779). - Fix an integer overflow in __vsyslog_internal (CVE-2023-6780). - - - - - 662dbc4f by Aurelien Jarno at 2024-01-30T19:17:09+01:00 debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption in qsort() when using nontransitive comparison functions. - - - - - 53a40b39 by Aurelien Jarno at 2024-01-30T19:20:34+01:00 releasing package glibc version 2.37-15 - - - - - fa3c32fc by Aurelien Jarno at 2024-01-30T19:27:11+01:00 Merge branch sid into glibc-2.38 - - - - - 88aea6ee by Aurelien Jarno at 2024-01-30T19:28:10+01:00 releasing package glibc version 2.38-6 - - - - - 6 changed files: - debian/changelog - debian/debhelper.in/locales.config - + debian/patches/any/local-qsort-memory-corruption.patch - debian/patches/git-updates.diff - debian/patches/series - debian/tests/control View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/170e7d68307ff7ec1e64a819b7336d3342ab396f...88aea6ee4b97c915571ca20b47a96544d8ae -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/170e7d68307ff7ec1e64a819b7336d3342ab396f...88aea6ee4b97c915571ca20b47a96544d8ae You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new tag debian/2.38-6
Aurelien Jarno pushed new tag debian/2.38-6 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.38-6 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc][sid] 3 commits: debian/patches/git-updates.diff: update from upstream stable branch:
Aurelien Jarno pushed to branch sid at GNU Libc Maintainers / glibc Commits: f0839e5c by Aurelien Jarno at 2024-01-30T19:14:04+01:00 debian/patches/git-updates.diff: update from upstream stable branch: * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a heap buffer overflow in __vsyslog_internal (CVE-2023-6246). - Fix an off-by-one heap buffer overflow in __vsyslog_internal (CVE-2023-6779). - Fix an integer overflow in __vsyslog_internal (CVE-2023-6780). - - - - - 662dbc4f by Aurelien Jarno at 2024-01-30T19:17:09+01:00 debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory corruption in qsort() when using nontransitive comparison functions. - - - - - 53a40b39 by Aurelien Jarno at 2024-01-30T19:20:34+01:00 releasing package glibc version 2.37-15 - - - - - 4 changed files: - debian/changelog - + debian/patches/any/local-qsort-memory-corruption.patch - debian/patches/git-updates.diff - debian/patches/series View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/5844d1dba69f002425d3ed499a61510414149bac...53a40b39f2ef5fd189aaeaa01c6244e66af37ad6 -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/compare/5844d1dba69f002425d3ed499a61510414149bac...53a40b39f2ef5fd189aaeaa01c6244e66af37ad6 You're receiving this email because of your account on salsa.debian.org.
[Git][glibc-team/glibc] Pushed new tag debian/2.37-15
Aurelien Jarno pushed new tag debian/2.37-15 at GNU Libc Maintainers / glibc -- View it on GitLab: https://salsa.debian.org/glibc-team/glibc/-/tree/debian/2.37-15 You're receiving this email because of your account on salsa.debian.org.
