[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

This bug was fixed in the package glibc - 2.21-0ubuntu4.2

---
glibc (2.21-0ubuntu4.2) wily-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
  into account when computing if buffer is too small.
- CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
  database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
  between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
  of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
  handling of payload strings
- CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
  strftime() processing
- CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
  guard
- CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
  alloca()
- CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
  memory copy on the stack.
- CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
  about pty group and permission mode
- debian/sysdeps/linux.mk: don't build pt_chown
- debian/rules.d/debhelper.mk: only install pt_chown when built.
- CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)

 -- Steve Beattie   Fri, 08 Apr 2016 09:44:34 -0700

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

This bug was fixed in the package eglibc - 2.19-0ubuntu6.8

---
eglibc (2.19-0ubuntu6.8) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
  into account when computing if buffer is too small.
- CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
  database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
  between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
  of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
  handling of payload strings
- CVE-2014-9761
  * SECURITY UPDATE: NSS files long line buffer overflow
- debian/patches/any/CVE-2015-5277.diff: Don't ignore too long
  lines in nss_files
- CVE-2015-5277
  * SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
  strftime() processing
- CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
  guard
- CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
  alloca()
- CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
  memory copy on the stack.
- CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
  about pty group and permission mode
- debian/sysdeps/linux.mk: don't build pt_chown
- debian/rules.d/debhelper.mk: only install pt_chown when built.
- CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)
  * debian/patches/ubuntu/submitted-no-stack-backtrace.diff: update
patch to eliminate compiler warning.

 -- Steve Beattie   Fri, 08 Apr 2016 23:26:02 -0700

** Changed in: eglibc (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-5277

** Changed in: eglibc (Ubuntu Trusty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

This bug was fixed in the package glibc - 2.21-0ubuntu4.2

---
glibc (2.21-0ubuntu4.2) wily-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
  into account when computing if buffer is too small.
- CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
  database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
  between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
  of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
  handling of payload strings
- CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
  strftime() processing
- CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
  guard
- CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
  alloca()
- CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
  memory copy on the stack.
- CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
  about pty group and permission mode
- debian/sysdeps/linux.mk: don't build pt_chown
- debian/rules.d/debhelper.mk: only install pt_chown when built.
- CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)

 -- Steve Beattie   Fri, 08 Apr 2016 09:44:34 -0700

** Changed in: glibc (Ubuntu Wily)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

This bug was fixed in the package eglibc - 2.15-0ubuntu10.14

---
eglibc (2.15-0ubuntu10.14) precise-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
  into account when computing if buffer is too small.
- CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
  database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
  between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
  of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
  handling of payload strings
- CVE-2014-9761
  * SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
  strftime() processing
- CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
  guard
- CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
  alloca()
- CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
  memory copy on the stack.
- CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856-pre.diff: add option to
  enable/disable pt_chown.
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
  about pty group and permission mode
- debian/debhelper.in/libc-bin.install: drop installation of
  pt_chown
- CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)

 -- Steve Beattie   Fri, 08 Apr 2016 23:59:46 -0700

** Changed in: eglibc (Ubuntu Precise)
   Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2207

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-8121

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-9761

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1781

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8776

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8777

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8778

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8779

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-2856

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

This bug was fixed in the package eglibc - 2.19-0ubuntu6.8

---
eglibc (2.19-0ubuntu6.8) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/any/CVE-2015-1781.diff: take alignment padding
  into account when computing if buffer is too small.
- CVE-2015-1781
  * SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/any/CVE-2014-8121-1.diff: do not close NSS files
  database during iteration.
- debian/patches/any/CVE-2014-8121-2.diff: Separate internal state
  between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
  * SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/any/CVE-2014-9761-1.diff: Refactor strtod parsing
  of NaN payloads.
- debian/patches/any/CVE-2014-9761-1.diff:  Fix nan functions
  handling of payload strings
- CVE-2014-9761
  * SECURITY UPDATE: NSS files long line buffer overflow
- debian/patches/any/CVE-2015-5277.diff: Don't ignore too long
  lines in nss_files
- CVE-2015-5277
  * SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/any/CVE-2015-8776.diff: add range checks to
  strftime() processing
- CVE-2015-8776
  * SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/any/CVE-2015-8777.diff: Always enable pointer
  guard
- CVE-2015-8777
  * SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/any/CVE-2015-8778.diff: check for large inputs
- CVE-2015-8778
  * SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/any/CVE-2015-8779.diff: stop using unbounded
  alloca()
- CVE-2015-8779
  * SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_r
- debian/patches/any/CVE-2016-3075.diff: do not make unneeded
  memory copy on the stack.
- CVE-2016-3075
  * SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/any/CVE-2016-2856.diff: grantpt: trust the kernel
  about pty group and permission mode
- debian/sysdeps/linux.mk: don't build pt_chown
- debian/rules.d/debhelper.mk: only install pt_chown when built.
- CVE-2016-2856, CVE-2013-2207
  * debian/debhelper.in/libc.postinst: add reboot notifications for
security updates (LP: #1546457)
  * debian/patches/ubuntu/submitted-no-stack-backtrace.diff: update
patch to eliminate compiler warning.

 -- Steve Beattie   Fri, 08 Apr 2016 23:26:02 -0700

** Changed in: glibc (Ubuntu Wily)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Martin Pitt]

What's the status on this, can we release them now? We suppose I should
not release them to -updates, but you will handle this through
-security?

Note that there are a few autopkgtest regressions, but these are not
really glibc's fault. The vast majority are green, so I think this is
good enough.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Mathew Hodson]

** Changed in: eglibc (Ubuntu Trusty)
   Status: New => Fix Committed

** Changed in: eglibc (Ubuntu Trusty)
   Importance: Undecided => High

** No longer affects: glibc (Ubuntu Precise)

** No longer affects: glibc (Ubuntu Trusty)

** Changed in: glibc (Ubuntu Wily)
   Status: New => Fix Committed

** Changed in: glibc (Ubuntu Wily)
   Importance: Undecided => High

** Changed in: eglibc (Ubuntu Precise)
   Status: New => Fix Committed

** Changed in: eglibc (Ubuntu Precise)
   Importance: Undecided => High

** No longer affects: eglibc (Ubuntu)

** No longer affects: eglibc (Ubuntu Wily)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Steve Beattie]

I've verified that the the eglibc and glibc packages currently in
proposed (precise/2.15-0ubuntu10.14, trusty/2.19-0ubuntu6.8, and
wily/2.21-0ubuntu4.2) all trigger the reboot notification when
installing/upgrading.

(Note that these glibc updates are in proposed for wider testing before
being moved to sucurity/updates.)

** Changed in: eglibc (Ubuntu)
   Status: Fix Committed => Invalid

** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Steve Beattie]

** Also affects: glibc (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: glibc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: glibc (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Also affects: eglibc (Ubuntu Wily)
   Importance: Undecided
   Status: New

** Changed in: eglibc (Ubuntu Wily)
   Status: New => Invalid

** Changed in: glibc (Ubuntu Precise)
   Status: New => Invalid

** Changed in: glibc (Ubuntu Trusty)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Mathew Hodson]

** Also affects: eglibc (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: eglibc (Ubuntu)
   Importance: Undecided => High

** Changed in: eglibc (Ubuntu)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

This bug was fixed in the package glibc - 2.23-0ubuntu3

---
glibc (2.23-0ubuntu3) xenial; urgency=medium

  * Merge with 2.23 from experimental, bringing in upstream updates:
- Save/restore fprs/vrs while resolving symbols (LP: #1564918)
- Fix _nss_dns_getnetbyname_r() stack overflow (CVE-2016-3075)
- Merge libnss-dns-udeb and libnss-files-udeb into libc6-udeb.
  * Tidy up locale-gen, thanks to Gunnar Hjalmarsson (LP: #1560577):
- Fix thinko that broke handling of multiple locale arguments.
- Recognize UTF-8 locales without charset suffix in SUPPORTED.
- Fix bug that led to the unsupported message not being shown.
  * Show reboot-required notification for all updates (LP: #1546457)

 -- Adam Conrad   Thu, 14 Apr 2016 10:26:16 -0600

** Changed in: glibc (Ubuntu)
   Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-3075

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Marc Deslauriers]

** Changed in: glibc (Ubuntu)
 Assignee: Marc Deslauriers (mdeslaur) => Adam Conrad (adconrad)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Brian Murray]

** Changed in: glibc (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Marc Deslauriers]

** Changed in: glibc (Ubuntu)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Dimitri John Ledkov]

eglibc (2.19-0ubuntu6.7) trusty-security; urgency=medium

  * SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
- debian/patches/any/CVE-2015-7547-pre1.diff: fix memory leak in
  resolv/nss_dns/dns-host.c.
- debian/patches/any/CVE-2015-7547-pre2.diff: fix memory leak in
  include/resolv.h, resolv/gethnamaddr.c, resolv/nss_dns/dns-canon.c,
  resolv/nss_dns/dns-host.c, resolv/nss_dns/dns-network.c,
  resolv/res_query.c, resolv/res_send.c.
- debian/patches/any/CVE-2015-7547.diff: fix buffer handling in
  resolv/nss_dns/dns-host.c, resolv/res_query.c, resolv/res_send.c.
- CVE-2015-7547

Across all releases did not mark reboot required.

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-7547

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1546457] Re: libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

[Launchpad Bug Tracker]

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: glibc (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1546457

Title:
  libc6 2.15-0ubuntu10.13 doesn't mark reboot-required

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1546457/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs