ubuntu/+source/eglibc:applied/ubuntu/oneiric-security

Last commit made on 2012-10-02
Get this branch:
git clone -b applied/ubuntu/oneiric-security https://git.launchpad.net/ubuntu/+source/eglibc
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/oneiric-security
Repository:
lp:ubuntu/+source/eglibc

Recent commits

8f75498... by Steve Beattie on 2012-09-19

Import patches-applied version 2.13-20ubuntu5.2 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 3d8bde0f524fbc7ea60f3093f9c7eddb10c8f851
Unapplied parent: cfe3329362ec56ac8ada3aa77fb0bd6163ee23ad

New changelog entries:
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to void integer overflows
    - CVE-2012-3480

cfe3329... by Steve Beattie on 2012-09-19

Import patches-unapplied version 2.13-20ubuntu5.2 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 4ba754b32f71ed5f4ee4c580003ea33e1003f8cc

New changelog entries:
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to void integer overflows
    - CVE-2012-3480

3d8bde0... by Steve Beattie on 2012-03-06

Import patches-applied version 2.13-20ubuntu5.1 to applied/ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 9b98aed9722e3a8f6b1f0c88ee58ba75513d0a06
Unapplied parent: 4ba754b32f71ed5f4ee4c580003ea33e1003f8cc

New changelog entries:
  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864

4ba754b... by Steve Beattie on 2012-03-06

Import patches-unapplied version 2.13-20ubuntu5.1 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 6a226e9f0e40b3760382b276e2d148ad0be8398c

New changelog entries:
  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864

9b98aed... by Matthias Klose on 2011-10-04

Import patches-applied version 2.13-20ubuntu5 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 4405428631d35039d2dbbc01ad1d019b70d34028
Unapplied parent: 6a226e9f0e40b3760382b276e2d148ad0be8398c

New changelog entries:
  * libc6-dev: Don't break the current {gnat,gcj}-4.4-base versons. LP: #853688.

6a226e9... by Matthias Klose on 2011-10-04

Import patches-unapplied version 2.13-20ubuntu5 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 47d2cb5c0dddaf1bc3a90215c8052d1d88823a36

New changelog entries:
  * libc6-dev: Don't break the current {gnat,gcj}-4.4-base versons. LP: #853688.

4405428... by Michael Vogt on 2011-09-30

Import patches-applied version 2.13-20ubuntu4 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 83756ce47f641045beaaf34ecfc510451ff6d27b
Unapplied parent: 47d2cb5c0dddaf1bc3a90215c8052d1d88823a36

New changelog entries:
  * debian/control:
    - help the apt resolver with the gcc-4.4 upgrade by providing
      explicit breaks against {gnat,gcc,gcj}-{4.4,4.5}-base (LP: #853688)

47d2cb5... by Michael Vogt on 2011-09-30

Import patches-unapplied version 2.13-20ubuntu4 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 5315c5a92e8d3066af61a11851286b83e5575ff4

New changelog entries:
  * debian/control:
    - help the apt resolver with the gcc-4.4 upgrade by providing
      explicit breaks against {gnat,gcc,gcj}-{4.4,4.5}-base (LP: #853688)

83756ce... by Matthias Klose on 2011-09-26

Import patches-applied version 2.13-20ubuntu3 to applied/ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: c5654831a0698895d65c9ec2208088e5bdb36d31
Unapplied parent: 5315c5a92e8d3066af61a11851286b83e5575ff4

New changelog entries:
  * Fix pthread/fork race/deadlock. LP: #838975.
    - Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork.
  * Merge from Debian:
  [ Aurelien Jarno ]
  * Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
    fix issues with dl_close() when resolving locally-defined symbols.
    Closes: #625250.
  * patches/i386/local-cpuid-level2.diff: fix a typo. Closes: #609389.

5315c5a... by Matthias Klose on 2011-09-26

Import patches-unapplied version 2.13-20ubuntu3 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 7e64af9d88413bc5fecce06871d4096bf9cffcec

New changelog entries:
  * Fix pthread/fork race/deadlock. LP: #838975.
    - Avoid race between {,__de}allocate_stack and __reclaim_stacks during fork.
  * Merge from Debian:
  [ Aurelien Jarno ]
  * Add debian/patches/cvs-dl_close-scope-handling.diff from upstream to
    fix issues with dl_close() when resolving locally-defined symbols.
    Closes: #625250.
  * patches/i386/local-cpuid-level2.diff: fix a typo. Closes: #609389.