lp://staging/ubuntu/trusty-updates/eglibc
- Get this branch:
- bzr branch lp://staging/ubuntu/trusty-updates/eglibc
Branch merges
Related source package recipes
Branch information
Recent revisions
- 349. By Steve Beattie
-
* REGRESSION UPDATE: revert CVE-2014-9761 fix due to added symbol
dependency from libm to libc (LP: #1585614)
- debian/patches/ any/CVE- 2014-9761- 2.diff: keep exporting
__strto*_nan symbols added to libc. - 348. By Steve Beattie
-
* SECURITY UPDATE: buffer overflow in gethostbyname_r and related
functions
- debian/patches/ any/CVE- 2015-1781. diff: take alignment padding
into account when computing if buffer is too small.
- CVE-2015-1781
* SECURITY UPDATE: glibc Name Service Switch (NSS) denial of sevice
- debian/patches/ any/CVE- 2014-8121- 1.diff: do not close NSS files
database during iteration.
- debian/patches/ any/CVE- 2014-8121- 2.diff: Separate internal state
between getXXent and getXXbyYY NSS calls.
- CVE-2014-8121
* SECURITY UPDATE: glibc unbounded stack usage in NaN strtod
conversion
- debian/patches/ any/CVE- 2014-9761- 1.diff: Refactor strtod parsing
of NaN payloads.
- debian/patches/ any/CVE- 2014-9761- 1.diff: Fix nan functions
handling of payload strings
- CVE-2014-9761
* SECURITY UPDATE: NSS files long line buffer overflow
- debian/patches/ any/CVE- 2015-5277. diff: Don't ignore too long
lines in nss_files
- CVE-2015-5277
* SECURITY UPDATE: out of range data to strftime() causes segfault
(denial of service)
- debian/patches/ any/CVE- 2015-8776. diff: add range checks to
strftime() processing
- CVE-2015-8776
* SECURITY UPDATE: glibc honors LD_POINTER_GUARD env for setuid
AT_SECURE programs (e.g. setuid), allowing disabling of pointer
mangling
- debian/patches/ any/CVE- 2015-8777. diff: Always enable pointer
guard
- CVE-2015-8777
* SECURITY UPDATE: integer overflow in hcreate and hcreate_r
- debian/patches/ any/CVE- 2015-8778. diff: check for large inputs
- CVE-2015-8778
* SECURITY UPDATE: unbounded stack allocation in catopen()
- debian/patches/ any/CVE- 2015-8779. diff: stop using unbounded
alloca()
- CVE-2015-8779
* SECURITY UPDATE: Stack overflow in _nss_dns_getnetbyname_ r
- debian/patches/ any/CVE- 2016-3075. diff: do not make unneeded
memory copy on the stack.
- CVE-2016-3075
* SECURITY UPDATE: pt_chown privilege escalation
- debian/patches/ any/CVE- 2016-2856. diff: grantpt: trust the kernel
about pty group and permission mode
- debian/sysdeps/ linux.mk: don't build pt_chown
- debian/rules.d/ debhelper. mk: only install pt_chown when built.
- CVE-2016-2856, CVE-2013-2207
* debian/debhelper. in/libc. postinst: add reboot notifications for
security updates (LP: #1546457)
* debian/patches/ ubuntu/ submitted- no-stack- backtrace. diff: update
patch to eliminate compiler warning. - 347. By Marc Deslauriers
-
* SECURITY UPDATE: glibc getaddrinfo stack-based buffer overflow
- debian/patches/ any/CVE- 2015-7547- pre1.diff: fix memory leak in
resolv/nss_dns/ dns-host. c.
- debian/patches/ any/CVE- 2015-7547- pre2.diff: fix memory leak in
include/resolv. h, resolv/ gethnamaddr. c, resolv/ nss_dns/ dns-canon. c,
resolv/nss_dns/ dns-host. c, resolv/ nss_dns/ dns-network. c,
resolv/res_query. c, resolv/res_send.c.
- debian/patches/ any/CVE- 2015-7547. diff: fix buffer handling in
resolv/nss_dns/ dns-host. c, resolv/res_query.c, resolv/res_send.c.
- CVE-2015-7547 - 346. By Marc Deslauriers
-
* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
high load
- debian/patches/ any/cvs- resolv- reuse-fd. diff: reload file descriptor
after calling reopen in resolv/res_send.c.
- CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
- debian/patches/ any/cvs- getnetbyname. diff: iterate over alias names in
resolv/nss_dns/ dns-network. c.
- CVE-2014-9402
* SECURITY UPDATE: buffer overflow in wscanf
- debian/patches/ any/cvs- wscanf. diff: calculate correct size in
stdio-common/ vfscanf. c, added test to stdio-common/ tst-sscanf. c.
- CVE-2015-1472
- CVE-2015-1473 - 345. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in IBM gconv modules
- debian/patches/ any/cvs- CVE-2014- 6040.diff: fix checks in
iconvdata/ibm*.c.
- CVE-2014-6040
* SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
- debian/patches/ any/CVE- 2014-7817. diff: properly handle WRDE_NOCMD in
posix/wordexp. c, added tests to posix/wordexp- test.c.
- CVE-2014-7817 - 344. By Adam Conrad
-
* SECURITY UPDATE: heap overflow in __gconv_
translit_ find() (LP: #1362409)
- debian/patches/ any/cvs- CVE-2014- 5119.diff: Backport upstream commit to
completely remove support for loadable gconv transliteration modules. - 343. By Marc Deslauriers
-
* SECURITY UPDATE: Directory traversal in locale environment handling
- debian/patches/ any/CVE- 2014-0475. diff: validate locale names in
locale/findlocale. c, locale/setlocale.c, added test to
localedata/tst-setlocale3. c, localedata/ Makefile.
- CVE-2014-0475
* SECURITY UPDATE: use-after-free via posix_spawn_file_actions_ addopen
failing to copy the path argument
- debian/patches/ any/CVE- 2014-4043. diff: properly copy path in
posix/spawn_faction_ addopen. c, posix/spawn_ faction_ destroy. c,
posix/spawn_int. h, added test to posix/tst-spawn.c.
- CVE-2014-4043 - 342. By Adam Conrad
-
debian/
patches/ arm64/submitted -setcontext. diff: Update to new version
of Will's setcontext patch to fix sigmask handling bug (LP: #1306829) - 341. By Adam Conrad
-
* Merge with unreleased 2.19 from Debian experimental, fixing more bugs:
- Pull in arm64 patches to fix setcontext corruption (LP: #1279620)
- Apply the IBM 2.19 branch for POWER8 bug fixes and optimizations.
- Change M_CHECK_ACTION to abort if first MALLOC_CHECK_ bit is set. - 340. By Michael Vogt
-
* debian/
debhelper. in/libc. preinst:
- do not show glibc/restart-services question when the system
is uprading via the desktop session (LP: #1298281)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/utopic/eglibc
