lp:ubuntu/lucid-updates/eglibc
- Get this branch:
- bzr branch lp:ubuntu/lucid-updates/eglibc
Related bugs
Bug #694772: Sudden reboot during server ISO install | Undecided | Confirmed |
Branch information
Recent revisions
- 60. By Marc Deslauriers
-
* SECURITY UPDATE: getaddrinfo writes to random file descriptors under
  high load
  - debian/patches/any/cvs-resolv-reuse-fd.diff: reload file descriptor
    after calling reopen in resolv/res_send.c.
  - CVE-2013-7423
* SECURITY UPDATE: denial of service via endless loop in getaddr_r
  - debian/patches/any/cvs-getnetbyname.diff: iterate over alias names in
    resolv/nss_dns/dns-network.c.
  - CVE-2014-9402
- 59. By Steve Beattie
-
* SECURITY UPDATE: buffer overflow in __nss_hostname_digits_dots
  - debian/patches/any/CVE-2015-0235.diff: fix overflow in
    nss/digits_dots.c
  - CVE-2015-0235
- 58. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service in IBM gconv modules
  - debian/patches/any/CVE-2012-6656.diff: fix check in
    iconvdata/ibm930.c.
  - debian/patches/any/cvs-CVE-2014-6040.diff: fix checks in
    iconvdata/ibm*.c.
  - CVE-2012-6656
  - CVE-2014-6040
* SECURITY UPDATE: arbitrary command execution via wordexp (LP: #1396471)
  - debian/patches/any/CVE-2014-7817.diff: properly handle WRDE_NOCMD in
    posix/wordexp.c, added tests to posix/wordexp-test.c.
  - CVE-2014-7817
- 57. By Marc Deslauriers
-
* SECURITY REGRESSION: memleak in getaddrinfo (LP: #1364584)
  - debian/patches/CVE-2013-4357-memleak.patch: fix memleak in
    sysdeps/posix/getaddrinfo.c introduced by patch for CVE-2013-4357.
- 56. By Adam Conrad
-
* SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
  - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
    completely remove support for loadable gconv transliteration modules.
* SECURITY REGRESSION: localplt regression introduced in 2.11.1-0ubuntu7.14
  - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport
    of upstream commit ca38dc17 to include memmem hidden alias declaration.
- 55. By Marc Deslauriers
-
* SECURITY REGRESSION: segfault when using nscd (LP: #1352504)
  - debian/patches/lp1352504.diff: don't free non-malloced memory and fix
    memory leak in nscd/nscd_getserv_r.c.
- 54. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
  - debian/patches/CVE-2013-4357.patch: fix overflow in include/alloca.h,
    nis/nss_nis/nis-alias.c, nscd/nscd_getserv_r.c, posix/glob.c,
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-4357
* SECURITY UPDATE: denial of service via buffer overflow in getaddrinfo
  - debian/patches/any/CVE-2013-4458.patch: fix overflow in
    sysdeps/posix/getaddrinfo.c.
  - CVE-2013-4458
* SECURITY UPDATE: Directory traversal in locale environment handling
  - debian/patches/any/CVE-2014-0475.diff: validate locale names in
    locale/findlocale.c, locale/setlocale.c, added test to
    localedata/tst-setlocale3.c, localedata/Makefile.
  - CVE-2014-0475
* SECURITY UPDATE: use-after-free via posix_spawn_file_actions_addopen
  failing to copy the path argument
  - debian/patches/any/CVE-2014-4043.diff: properly copy path in
    posix/spawn_faction_addopen.c, posix/spawn_faction_destroy.c,
    posix/spawn_int.h, added test to posix/tst-spawn.c.
  - CVE-2014-4043
* debian/patches/any/CVE-2013-4237-part2.diff: fix alignment issue
  causing a readdir regression on sparc.
* debian/patches/any/CVE-2013-4332-part2.diff: added a couple of extra
  commits to fix another overflow and an infinite loop.
- 53. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
  strcoll overflows
  - debian/patches/any/CVE-2012-44xx.diff: fix overflows in
    string/strcoll_l.c, add test to string/tst-strcoll-overflow.c,
    string/Makefile.
  - CVE-2012-4412
  - CVE-2012-4424
* SECURITY UPDATE: denial of service in regular expression matcher
  - debian/patches/any/CVE-2013-0242.diff: fix buffer overrun in
    posix/regexec.c, add test to posix/bug-regex34.c, posix/Makefile.
  - CVE-2013-0242
* SECURITY UPDATE: denial of service in getaddrinfo
  - debian/patches/any/CVE-2013-1914.diff: fix overflow in
    sysdeps/posix/getaddrinfo.c, add libc_hidden_proto for
    __libc_alloca_cutoff in include/alloca.h, nptl/Versions,
    nptl/alloca_cutoff.c.
  - CVE-2013-1914
* SECURITY UPDATE: denial of service and possible code execution via
  readdir_r
  - debian/patches/any/CVE-2013-4237.diff: enforce NAME_MAX limit in
    sysdeps/unix/readdir_r.c, add errcode to sysdeps/unix/dirstream.h,
    sysdeps/unix/opendir.c, sysdeps/unix/rewinddir.c, remove
    GETDENTS_64BIT_ALIGNED from
    sysdeps/unix/sysv/linux/i386/readdir64_r.c,
    sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c.
  - CVE-2013-4237
* SECURITY UPDATE: denial of service and possible code execution via
  overflows in memory allocator
  - debian/patches/any/CVE-2013-4332.diff: check for overflows in
    malloc/malloc.c.
  - CVE-2013-4332
- 52. By Adam Conrad
-
* Pull three interdependent patches from Debian to fix AVX detection
  problems on kernels or CPUs that lack support for it (LP: #979003):
  - amd64/cvs-avx-detection.diff: Improved detection on old kernels.
  - amd64/cvs-dl_trampoline-cfi.diff: fix CFI in dl_trampoline code.
  - amd64/cvs-avx-osxsave.diff: Disable AVX without OSXSAVE support.
* Also backport amd64/submitted-tst-audit6-avx.diff from oneiric to
  skip tests if AVX extensions are not available on the build host.
* Use non-deprecated --reject-format=unified QUILT_PATCH_OPTS option.
- 51. By Steve Beattie
-
* SECURITY UPDATE: buffer overflow in vfprintf handling
  - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
    handling positional parameters in printf.
  - CVE-2012-3404
* SECURITY UPDATE: buffer overflow in vfprintf handling
  - debian/patches/any/CVE-2012-3405.patch: fix extension of array
  - CVE-2012-3405
* SECURITY UPDATE: stack buffer overflow in vfprintf handling
  (LP: #1031301)
  - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
    array grows too large to handle via alloca extension
  - CVE-2012-3406
* SECURITY UPDATE: stdlib strtod integer/buffer overflows
  - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
    and modify types to avoid integer overflows
  - CVE-2012-3480
* debian/patches/any/strtod_overflow_bug7066.patch: Fix array
  overflow in floating point parser triggered by applying patch for
  CVE-2012-3480
* debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
  debian/testsuite-checking/expected-results-i486-linux-gnu-libc,
  debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
  debian/testsuite-checking/expected-results-i686-linux-gnu-i686,
  debian/testsuite-checking/expected-results-i686-linux-gnu-xen,
  debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64:
  update for pre-existing testsuite failures that prevents FTBFS
  when the testsuite is enabled.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/eglibc