lp:ubuntu/hardy-security/glibc

Created by James Westby on 2010-05-25 and last modified on 2012-12-17
Get this branch:
bzr branch lp:ubuntu/hardy-security/glibc
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

95. By Marc Deslauriers on 2012-12-15

debian/patches/any/strtod_overflow_bug7066.patch: Fix array
overflow in floating point parser triggered by applying patch for
CVE-2012-3480 (LP: #1090740)

94. By Steve Beattie on 2012-09-28

* SECURITY UPDATE: buffer overflow in vfprintf handling
  - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
    handling positional parameters in printf.
  - CVE-2012-3404
* SECURITY UPDATE: buffer overflow in vfprintf handling
  - debian/patches/any/CVE-2012-3405.patch: fix extension of array
  - CVE-2012-3405
* SECURITY UPDATE: stack buffer overflow in vfprintf handling
  (LP: #1031301)
  - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
    array grows too large to handle via alloca extension
  - CVE-2012-3406
* SECURITY UPDATE: stdlib strtod integer/buffer overflows
  - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
    and modify types to void integer overflows
  - CVE-2012-3480
* debian/expected_test_summary: update expected results to prevent FTBFS

93. By Steve Beattie on 2012-03-06

* SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
  - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
    TZ file header
  - CVE-2009-5029
* SECURITY UPDATE:
  - debian/patches/any/submitted-nis-shadow.diff remove encrypted
    passwords from passwd entries, and add them in shadow entries and
    fix incorrect password overwriting
  - CVE-2010-0015
* SECURITY UPDATE: memory consumption denial of service in fnmatch
  - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
    stack use in fnmatch.
  - CVE-2011-1071
* SECURITY UPDATE: /etc/mtab corruption denial of service
  - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
    error in addmnt even for cached streams
  - CVE-2011-1089
* SECURITY UPDATE: insufficient locale environment sanitization
  - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
    LANG environment variable.
  - CVE-2011-1095
* SECURITY UPDATE: ld.so insecure handling of privileged programs'
  RPATHs with $ORIGIN
  - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
    RPATH and ORIGIN
  - CVE-2011-1658
* SECURITY UPDATE: fnmatch integer overflow
  - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
    pattern in wide character representation
  - CVE-2011-1659
* SECURITY UPDATE: signedness bug in memcpy_ssse3
  - debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned
    comparison instructions
  - CVE-2011-2702
* SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
  - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
    many open fds is detected
  - CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
  check bypass
  - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
    overflow
  - CVE-2012-0864

92. By Kees Cook on 2011-01-10

* SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
  - debian/patches/any/dst-expansion-fix.diff: refresh with new
    proposed solution, avoiding iconv issues.
  - any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
    which was already had a work-around in 2.7-10ubuntu7.

91. By Kees Cook on 2010-10-21

* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
  - debian/patches/any/dst-expansion-fix.diff: upstream fixes.
  - CVE-2010-3847
  - debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
    for setuid binaries.

90. By Kees Cook on 2010-05-19

* SECURITY UPDATE: integer overflow in strfmon() might lead to arbitrary
  code execution.
  - debian/patches/any/git-strfmon-overflow.diff: backport from upstream.
  - CVE-2008-1391
* SECURITY UPDATE: newlines not escaped in /etc/mtab.
  - debian/patches/any/git-mntent-newline-escape.diff: upstream fixes.
  - CVE-2010-0296
* SECURITY UPDATE: arbitrary code execution from ELF headers (LP: #542197).
  - debian/patches/any/git-fix-dtag-cast.diff: upstream fixes.
  - CVE-2010-0830
* debian/patches/any/git-readdir-padding.diff: fix readdir padding when
  processing getdents64() in a 32-bit execution environment (LP: #392501).

89. By Matthias Klose on 2008-04-05

* Probably built on the good buildds last time; pessimize expected
  test results on ia64, i386.
* debian/expected_test_summary: Fix typos in expected sparc results.

88. By Matthias Klose on 2008-04-04

* Adjust debian/expected_test_summary:
  - Fix typo for i386 xen.
  - crypt/sha512c fails on i386 (log-test-i486-linux-gnu-libc), but not on
    the PPA build.
  - Add current results for ia64, powerpc, sparc.

87. By Matthias Klose on 2008-04-03

* Merge remaining changes from 2.7-10 (r2869:2892).
* If RELEASE_UPGRADE_MODE is set to `desktop', make the glibc/restart-services,
  glibc/restart-failed and glibc/upgrade questions of medium priority (and
  restarting the services automatically). LP: #174002.
  Works as well around the upgrade errors mentioned in LP #205079 in a KDE
  environment, when the upgrade is done using the update-manager.
* debian/rules: Always use the package settings for *FLAGS, not the settings
  from the environment.
* Fail the build if regressions are found running the testsuite compared to
  expected results from debian/expected_test_summary. Take initial values
  from a PPA build predating this upload.
* Merge from Debian trunk:
  - local/manpages/ld.so.8: fix libraries search order. Closes: #473458.
  - Update Finish debconf translation, by Esko Araj√§rvi. Closes: #473802.
  - Add any/cvs-strerror_r.diff to make strerror_r actually thread safe.
    Closes: #456531.
* debian/rules.d/build.mk: Call `sync' before building the tarball of
  supported locales. Our buildds trigger http://lkml.org/lkml/2007/8/1/337
  on every build.

86. By Steve Langasek on 2008-03-13

Clear out LDFLAGS when building; glibc isn't happy building with
-Wl,-Bsymbolic-functions. LP: #201673

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers