[Bug 2045241] Re: glibc: drop libnss-nis and libnss-nisplus from libc6 Recommends?

Launchpad Bug Tracker 2045241 at bugs.launchpad.net
Thu Feb 22 20:46:19 UTC 2024 

This bug was fixed in the package glibc - 2.39-0ubuntu1

---------------
glibc (2.39-0ubuntu1) noble; urgency=medium

  * New upstream release
    Contains fixes for the following CVEs:
    - CVE-2023-6246: Heap buffer overflow in __vsyslog_internal()
    - CVE-2023-6779: Heap buffer overflow in __vsyslog_internal()
    - CVE-2023-6780: Integer overflow in __vsyslog_internal()
    Patches:
    - Several patches refreshed
    - d/p/localedata/lv_LV-current.patch: dropped, applied upstream
    - d/p/lp{2031495,2032624}: dropped, applied upstream
    - d/p/any/git-c-utf-8-language.diff: dropped, applied upstream
  * d/p/ubuntu/submitted-tests-gracefully-handle-AppArmor-userns-containment.patch:
    Fix the tests in recent apparmor environments (LP: #2048375)
  * Drop libnss-nis and libnss-nisplus to Suggests (LP: #2045241)
  * Fix Replaces version for libsotruss.so file move (LP: #2042665)
  * Remove libc6-dev dependency on libtirpc-dev (LP: #2045763)
  * Dropped a lot of Ubuntu-specific xfails that are now passing.
  * Drop the -prof variant to instead use frame pointers on all 64-bit
    architectures by default to match the rest of the distro (LP: #2042790)

 -- Simon Chopin <schopin at ubuntu.com>  Thu, 01 Feb 2024 09:44:24 +0100

** Changed in: glibc (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6246

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6779

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6780

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2045241

Title:
  glibc: drop libnss-nis and libnss-nisplus from libc6 Recommends?

Status in glibc package in Ubuntu:
  Fix Released

Bug description:
  Asked by vorlon:

  Should libc6 still Recommends: libnss-nis + libnss-nisplus?

  Dropping this would let us shed various i386 packages from the package
  pool on install images, as well as reducing the size of the base
  system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2045241/+subscriptions

More information about the foundations-bugs mailing list