lp:ubuntu/hardy-security/glibc
- Get this branch: bzr branch lp:ubuntu/hardy-security/glibc
Branch information
- Owner: Ubuntu branches
- Status: Mature
Recent revisions
- 95. By Marc Deslauriers
-
debian/patches/any/strtod_overflow_bug7066.patch: Fix array
overflow in floating point parser triggered by applying patch for
CVE-2012-3480 (LP: #1090740)
- 94. By Steve Beattie
-
* SECURITY UPDATE: buffer overflow in vfprintf handling
- debian/patches/any/CVE-2012-3404.patch: Fix allocation when
handling positional parameters in printf.
- CVE-2012-3404
* SECURITY UPDATE: buffer overflow in vfprintf handling
- debian/patches/any/CVE-2012-3405.patch: fix extension of array
- CVE-2012-3405
* SECURITY UPDATE: stack buffer overflow in vfprintf handling
(LP: #1031301)
- debian/patches/any/CVE-2012-3406.patch: switch to malloc when
array grows too large to handle via alloca extension
- CVE-2012-3406
* SECURITY UPDATE: stdlib strtod integer/buffer overflows
- debian/patches/any/CVE-2012-3480.patch: rearrange calculations
and modify types to avoid integer overflows
- CVE-2012-3480
* debian/expected_test_summary: update expected results to prevent FTBFS
- 93. By Steve Beattie
-
* SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
- debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
TZ file header
- CVE-2009-5029
* SECURITY UPDATE:
- debian/patches/any/submitted-nis-shadow.diff remove encrypted
passwords from passwd entries, and add them in shadow entries and
fix incorrect password overwriting
- CVE-2010-0015
* SECURITY UPDATE: memory consumption denial of service in fnmatch
- debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
stack use in fnmatch.
- CVE-2011-1071
* SECURITY UPDATE: /etc/mtab corruption denial of service
- debian/patches/any/glibc-CVE-2011-1089.patch: Report write
error in addmnt even for cached streams
- CVE-2011-1089
* SECURITY UPDATE: insufficient locale environment sanitization
- debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
LANG environment variable.
- CVE-2011-1095
* SECURITY UPDATE: ld.so insecure handling of privileged programs'
RPATHs with $ORIGIN
- debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
RPATH and ORIGIN
- CVE-2011-1658
* SECURITY UPDATE: fnmatch integer overflow
- debian/patches/any/glibc-CVE-2011-1659.patch: check size of
pattern in wide character representation
- CVE-2011-1659
* SECURITY UPDATE: signedness bug in memcpy_ssse3
- debian/patches/any/glibc-CVE-2011-2702.patch: use unsigned
comparison instructions
- CVE-2011-2702
* SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
- debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
many open fds is detected
- CVE-2011-4609
* SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
check bypass
- debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
overflow
- CVE-2012-0864
- 92. By Kees Cook
-
* SECURITY UPDATE: setuid iconv users could load arbitrary libraries.
- debian/patches/any/dst-expansion-fix.diff: refresh with new
proposed solution, avoiding iconv issues.
- any/cvs-check-setuid-on-audit.diff: upstream fix for CVE-2010-3856,
which already had a work-around in 2.7-10ubuntu7.
- 91. By Kees Cook
-
* SECURITY UPDATE: root escalation via LD_AUDIT DST expansion.
- debian/patches/any/dst-expansion-fix.diff: upstream fixes.
- CVE-2010-3847
- debian/patches/any/disable-ld_audit.diff: turn off LD_AUDIT
for setuid binaries.
- 90. By Kees Cook
-
* SECURITY UPDATE: integer overflow in strfmon() might lead to arbitrary
code execution.
- debian/patches/any/git-strfmon-overflow.diff: backport from upstream.
- CVE-2008-1391
* SECURITY UPDATE: newlines not escaped in /etc/mtab.
- debian/patches/any/git-mntent-newline-escape.diff: upstream fixes.
- CVE-2010-0296
* SECURITY UPDATE: arbitrary code execution from ELF headers (LP: #542197).
- debian/patches/any/git-fix-dtag-cast.diff: upstream fixes.
- CVE-2010-0830
* debian/patches/any/git-readdir-padding.diff: fix readdir padding when
processing getdents64() in a 32-bit execution environment (LP: #392501).
- 89. By Matthias Klose
-
* Probably built on the good buildds last time; pessimize expected
test results on ia64, i386.
* debian/expected_test_summary: Fix typos in expected sparc results.
- 88. By Matthias Klose
-
* Adjust debian/expected_test_summary:
- Fix typo for i386 xen.
- crypt/sha512c fails on i386 (log-test-i486-linux-gnu-libc), but not on
the PPA build.
- Add current results for ia64, powerpc, sparc.
- 87. By Matthias Klose
-
* Merge remaining changes from 2.7-10 (r2869:2892).
* If RELEASE_UPGRADE_MODE is set to `desktop', make the glibc/restart-services,
glibc/restart-failed and glibc/upgrade questions of medium priority (and
restarting the services automatically). LP: #174002.
Works as well around the upgrade errors mentioned in LP #205079 in a KDE
environment, when the upgrade is done using the update-manager.
* debian/rules: Always use the package settings for *FLAGS, not the settings
from the environment.
* Fail the build if regressions are found running the testsuite compared to
expected results from debian/expected_test_summary. Take initial values
from a PPA build predating this upload.
* Merge from Debian trunk:
- local/manpages/ld.so.8: fix libraries search order. Closes: #473458.
- Update Finnish debconf translation, by Esko Arajärvi. Closes: #473802.
- Add any/cvs-strerror_r.diff to make strerror_r actually thread safe.
Closes: #456531.
* debian/rules.d/build.mk: Call `sync' before building the tarball of
supported locales. Our buildds trigger http://lkml.org/lkml/2007/8/1/337
on every build.
- 86. By Steve Langasek
-
Clear out LDFLAGS when building; glibc isn't happy building with
-Wl,-Bsymbolic-functions. LP: #201673
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)