[Bug 953171] Re: Please fix CVE-2012-0864 in precise
** Changed in: eglibc (Ubuntu) Assignee: Canonical Foundations Team (canonical-foundations) = Adam Conrad (adconrad) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
This bug was fixed in the package eglibc - 2.15-0ubuntu6 --- eglibc (2.15-0ubuntu6) precise; urgency=low * SECURITY UPDATE: denial of service in RPC implementation (LP: #901716) - debian/patches/any/local-CVE-2011-4609.patch: nanosleep when too many open fds are detected - CVE-2011-4609 * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY check bypass (LP: #953171) - debian/patches/any/cvs-CVE-2012-0864.patch: check for integer overflow - CVE-2012-0864 -- Steve Beattie sbeat...@ubuntu.com Mon, 12 Mar 2012 09:20:41 -0700 ** Changed in: eglibc (Ubuntu) Status: In Progress = Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2011-4609 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2012-0864 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
I'm unsubscribing sponsors, as apparently this isn't supposed to be uploaded by sponsors. Please re-subscribe if that changed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
** Changed in: eglibc (Ubuntu) Milestone: None = ubuntu-12.04-beta-2 ** Tags added: rls-p-tracking -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
** Changed in: eglibc (Ubuntu) Importance: Undecided = High ** Changed in: eglibc (Ubuntu) Assignee: (unassigned) = Canonical Foundations Team (canonical-foundations) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
** Changed in: eglibc (Ubuntu) Status: New = In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
I build/tested this and its fine, it can be uploaded but apparently there is another fix pending that should be bundled. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 953171] Re: Please fix CVE-2012-0864 in precise
For the record, bzr reports the packaging branch for eglibc is out of date. Here is a debdiff to fix this issue and bug 901716. Confirmed to build on precise/amd64. ** Patch added: eglibc_2.15-0ubuntu6.debdiff https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+attachment/2857516/+files/eglibc_2.15-0ubuntu6.debdiff ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/953171 Title: Please fix CVE-2012-0864 in precise To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/953171/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs