ubuntu/+source/eglibc:applied/debian/wheezy

Last commit made on 2016-06-05
Get this branch:
git clone -b applied/debian/wheezy https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/debian/wheezy
Repository:
lp:ubuntu/+source/eglibc

Recent commits

a3ea276... by Aurelien Jarno on 2016-02-11

Import patches-applied version 2.13-38+deb7u10 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: fdf77120aebb0f88db6bb8e65030ce3328271dbc
Unapplied parent: aeac25dbe52e386c88ce9db70958b46e9537b100

New changelog entries:
  [ Aurelien Jarno ]
  * patches/any/cvs-strftime.diff: new patch from upstream to fix
    segmentation fault caused by passing out-of-range data to strftime()
    (CVE-2015-8776). Closes: #812445.
  * patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer
    overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
  * patches/any/cvs-catopen.diff: new patch from upstream to fix multiple
    unbounded stack allocations in catopen() (CVE-2015-8779). Closes:
    #812455.
  * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
    upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
    DNS answers.
  * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
    stack-based buffer overflow (CVE-2015-7547).

aeac25d... by Aurelien Jarno on 2016-02-11

Import patches-unapplied version 2.13-38+deb7u10 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: c13db414e9a80126520a17623a7c1b1004abfe74

New changelog entries:
  [ Aurelien Jarno ]
  * patches/any/cvs-strftime.diff: new patch from upstream to fix
    segmentation fault caused by passing out-of-range data to strftime()
    (CVE-2015-8776). Closes: #812445.
  * patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer
    overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
  * patches/any/cvs-catopen.diff: new patch from upstream to fix multiple
    unbounded stack allocations in catopen() (CVE-2015-8779). Closes:
    #812455.
  * patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
    upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
    DNS answers.
  * patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
    stack-based buffer overflow (CVE-2015-7547).

fdf7712... by Aurelien Jarno on 2015-12-20

Import patches-applied version 2.13-38+deb7u9 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: d250f625b28079d45c8290e498350175d1db8dca
Unapplied parent: c13db414e9a80126520a17623a7c1b1004abfe74

New changelog entries:
  [ Aurelien Jarno ]
  * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
    a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
  * patches/any/cvs-fnmatch-overflow.diff: new patch from upstream to fix
    a buffer overflow (read past end of buffer) in internal_fnmatch.
  * patches/any/cvs-_IO_wstr_overflow.diff: new patch from upstream to fix
    an integer overlow in IO_wstr_overflow.
  * patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
    an unexpected closing of nss_files databases after lookups, causing
    denial of service (CVE-2014-8121). Closes: #779587.
  * patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to
    unconditionally disable LD_POINTER_GUARD. Closes: #798316, #801691.
  [ Raphaël Hertzog ]
  * debian/patches/any/cvs-strxfrm-buffer-overflows.diff: new patch
    from upstream to fix memory allocations issues that can lead to buffer
    overflows on the stack. Closes: #803927.

c13db41... by Aurelien Jarno on 2015-12-20

Import patches-unapplied version 2.13-38+deb7u9 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 217c223d82de9247d2c89a9b89e31c21994beda6

New changelog entries:
  [ Aurelien Jarno ]
  * patches/any/cvs-CVE-2015-1781.diff: new patch from upstream to fix
    a buffer overflow in getanswer_r (CVE-2015-1781). Closes: #796105.
  * patches/any/cvs-fnmatch-overflow.diff: new patch from upstream to fix
    a buffer overflow (read past end of buffer) in internal_fnmatch.
  * patches/any/cvs-_IO_wstr_overflow.diff: new patch from upstream to fix
    an integer overlow in IO_wstr_overflow.
  * patches/any/cvs-CVE-2014-8121.diff: new patch from upstream to fix
    an unexpected closing of nss_files databases after lookups, causing
    denial of service (CVE-2014-8121). Closes: #779587.
  * patches/any/cvs-ld_pointer_guard.diff: new patch from upstream to
    unconditionally disable LD_POINTER_GUARD. Closes: #798316, #801691.
  [ Raphaël Hertzog ]
  * debian/patches/any/cvs-strxfrm-buffer-overflows.diff: new patch
    from upstream to fix memory allocations issues that can lead to buffer
    overflows on the stack. Closes: #803927.

d250f62... by Aurelien Jarno on 2015-02-22

Import patches-applied version 2.13-38+deb7u8 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: ce22380610136dd2c8d3cdffcbfe54a7f0347f50
Unapplied parent: 217c223d82de9247d2c89a9b89e31c21994beda6

New changelog entries:
  * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
    heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes:
    #777197.
  * debian/patches/any/cvs-vfprintf.diff: new patch from ustream to fix a
    stack overflow in vfprintf (CVE-2012-3406). Closes: #681888.
  * debian/patches/any/cvs-posix_spawn_file_actions_addopen.diff: new patch
    from upstream to fix a vulnerability in posix_spawn_file_actions_addopen
    (CVE-2014-4043). Closes: #751774.
  * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
    an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
  * debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
    fix a invalid-free when using getaddrinfo with IDN (CVE-2013-7424).
  * debian/patches/any/cvs-gethostbyname.diff: new patch from upstream
    to fix a buffer overflow in gethostbyname (CVE-2015-0235).
  * debian/patches/any/cvs-iconvdata-ibm930.diff: new patch from upstream to
    fix a possible crash when using the iconv function to convert IBM930
    encoded data (CVE-2012-6656).
  * debian/patches/any/cvs-iconvdata-ibm.diff: new patch from upstream to fix
    fix a possible crash when using the iconv function to convert IBM933,
    IBM935, IBM937, IBM939, IBM1364 encoded data (CVE-2014-6040).
  * debian/patches/any/cvs-wordexp.diff: new patch from upstream to fix a
    command execution in wordexp() with WRDE_NOCMD specified (CVS-2014-7817).

217c223... by Aurelien Jarno on 2015-02-22

Import patches-unapplied version 2.13-38+deb7u8 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 4a442bdb16b001d243b84c9413eea95ba6c18c53

New changelog entries:
  * debian/patches/any/cvs-wscanf.diff: new patch from upstream to fix a
    heap buffer overflow in wscanf (CVE-2015-1472, CVE-2015-1473). Closes:
    #777197.
  * debian/patches/any/cvs-vfprintf.diff: new patch from ustream to fix a
    stack overflow in vfprintf (CVE-2012-3406). Closes: #681888.
  * debian/patches/any/cvs-posix_spawn_file_actions_addopen.diff: new patch
    from upstream to fix a vulnerability in posix_spawn_file_actions_addopen
    (CVE-2014-4043). Closes: #751774.
  * debian/patches/any/cvs-getnetbyname.diff: new patch from upstream to fix
    an infinite loop in getnetbyname (CVE-2014-9402). Closes: #775572.
  * debian/patches/any/cvs-getaddrinfo-idn.diff: new patch from upstream to
    fix a invalid-free when using getaddrinfo with IDN (CVE-2013-7424).
  * debian/patches/any/cvs-gethostbyname.diff: new patch from upstream
    to fix a buffer overflow in gethostbyname (CVE-2015-0235).
  * debian/patches/any/cvs-iconvdata-ibm930.diff: new patch from upstream to
    fix a possible crash when using the iconv function to convert IBM930
    encoded data (CVE-2012-6656).
  * debian/patches/any/cvs-iconvdata-ibm.diff: new patch from upstream to fix
    fix a possible crash when using the iconv function to convert IBM933,
    IBM935, IBM937, IBM939, IBM1364 encoded data (CVE-2014-6040).
  * debian/patches/any/cvs-wordexp.diff: new patch from upstream to fix a
    command execution in wordexp() with WRDE_NOCMD specified (CVS-2014-7817).

ce22380... by Aurelien Jarno on 2014-10-16

Import patches-applied version 2.13-38+deb7u6 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: fc67751e3ea6c54e644061c2b4c3eb2957723df3
Unapplied parent: 4a442bdb16b001d243b84c9413eea95ba6c18c53

New changelog entries:
  * Update 2.13-38+deb7u5 changelog to mention that some lost glibc-doc
    files have been re-added in this version.
  * debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream
    commit c8fc0c91 to fix segmentation faults when nscd is in use.
    Closes: #765506, #765526, #765562.

4a442bd... by Aurelien Jarno on 2014-10-16

Import patches-unapplied version 2.13-38+deb7u6 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: f98bd1b777fc73fb0f8f932c210a2e3a473582e8

New changelog entries:
  * Update 2.13-38+deb7u5 changelog to mention that some lost glibc-doc
    files have been re-added in this version.
  * debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream
    commit c8fc0c91 to fix segmentation faults when nscd is in use.
    Closes: #765506, #765526, #765562.

fc67751... by Aurelien Jarno on 2014-10-08

Import patches-applied version 2.13-38+deb7u5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 11bbce18724b0110d63ecd7c6a9856523c243129
Unapplied parent: f98bd1b777fc73fb0f8f932c210a2e3a473582e8

New changelog entries:
  * debian/patches/any/cvs-resolv-reuse-fd.diff: new patch from upstream
    to fix invalid file descriptor reuse while sending DNS query. Closes:
    #722075, #756343.
  * debian/patches/any/cvs-CVE-2013-4357.diff: new patch from upstream to
    fix stack overflow issues. Closes: #742925.
  * debian/patches/any/submitted-CVE-2014-0475.diff: update from upstream
    to fix a localplt regression introduced in version 2.13-38+deb7u3.
  * patches/any/cvs-dlopen-tls-memleak.patch: new patch from upstream to
    fix a memory leak with dlopen() and thread-local storage variables.
    Closes: #763559.
  * Apply upstream patch to fix buffer overflow in __gconv_translit_find.
    (CVE-2014-5119)
  * debian/patches/any/submitted-CVE-2014-0475.diff: setlocale security fix.
  * debian/patches/any/submitted-setlocale-alloca: Additional setlocale
    hardening.

f98bd1b... by Aurelien Jarno on 2014-10-08

Import patches-unapplied version 2.13-38+deb7u5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: bcb0adca60cd627651d9deb503d7718fb97c9ba5

New changelog entries:
  * debian/patches/any/cvs-resolv-reuse-fd.diff: new patch from upstream
    to fix invalid file descriptor reuse while sending DNS query. Closes:
    #722075, #756343.
  * debian/patches/any/cvs-CVE-2013-4357.diff: new patch from upstream to
    fix stack overflow issues. Closes: #742925.
  * debian/patches/any/submitted-CVE-2014-0475.diff: update from upstream
    to fix a localplt regression introduced in version 2.13-38+deb7u3.
  * patches/any/cvs-dlopen-tls-memleak.patch: new patch from upstream to
    fix a memory leak with dlopen() and thread-local storage variables.
    Closes: #763559.
  * Apply upstream patch to fix buffer overflow in __gconv_translit_find.
    (CVE-2014-5119)
  * debian/patches/any/submitted-CVE-2014-0475.diff: setlocale security fix.
  * debian/patches/any/submitted-setlocale-alloca: Additional setlocale
    hardening.