[ubuntu/maverick-security] eglibc_2.12.1-0ubuntu10.4_armel_translations.tar.gz, eglibc_2.12.1-0ubuntu10.4_i386_translations.tar.gz, eglibc, eglibc_2.12.1-0ubuntu10.4_powerpc_translations.tar.gz, eglibc_2.12.1-0ubuntu10.4_amd64_translations.tar.gz 2.12.1-0ubuntu10.4 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Fri Mar 9 03:35:18 UTC 2012 

eglibc (2.12.1-0ubuntu10.4) maverick-security; urgency=low

  * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
    - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
      TZ file header
    - CVE-2009-5029
  * SECURITY UPDATE: memory consumption denial of service in fnmatch
    - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
      stack use in fnmatch.
    - CVE-2011-1071
  * SECURITY UPDATE: /etc/mtab corruption denial of service
    - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
      error in addmnt even for cached streams
    - CVE-2011-1089
  * SECURITY UPDATE: insufficient locale environment sanitization
    - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
      LANG environment variable.
    - CVE-2011-1095
  * SECURITY UPDATE: ld.so insecure handling of privileged programs'
    RPATHs with $ORIGIN
    - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
      RPATH and ORIGIN
    - CVE-2011-1658
  * SECURITY UPDATE: fnmatch integer overflow
    - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
      pattern in wide character representation
    - CVE-2011-1659
  * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
    - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
      many open fds is detected
    - CVE-2011-4609
  * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
    check bypass
    - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
      overflow
    - CVE-2012-0864

Date: Tue, 06 Mar 2012 12:12:55 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/eglibc/2.12.1-0ubuntu10.4
-------------- next part --------------
Format: 1.8
Date: Tue, 06 Mar 2012 12:12:55 -0800
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-sparcv9v libc6-sparcv9v2 libc6-sparc64b libc6-sparc64v libc6-sparc64v2 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source
Version: 2.12.1-0ubuntu10.4
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparc64b - GNU C Library: 64bit Shared libraries for UltraSPARC [v9b optimiz
 libc6-sparc64v - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v optimiz
 libc6-sparc64v2 - GNU C Library: 64bit Shared libraries for UltraSPARC [v9v2 optimi
 libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
 libc6-sparcv9v - GNU C Library: Shared libraries [v9v optimized]
 libc6-sparcv9v2 - GNU C Library: Shared libraries [v9v2 optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Launchpad-Bugs-Fixed: 901716 906961
Changes: 
 eglibc (2.12.1-0ubuntu10.4) maverick-security; urgency=low
 .
   * SECURITY UPDATE: timezone header parsing integer overflow (LP: #906961)
     - debian/patches/any/glibc-CVE-2009-5029.patch: Check values from
       TZ file header
     - CVE-2009-5029
   * SECURITY UPDATE: memory consumption denial of service in fnmatch
     - debian/patches/any/glibc-CVE-2011-1071.patch: avoid too much
       stack use in fnmatch.
     - CVE-2011-1071
   * SECURITY UPDATE: /etc/mtab corruption denial of service
     - debian/patches/any/glibc-CVE-2011-1089.patch: Report write
       error in addmnt even for cached streams
     - CVE-2011-1089
   * SECURITY UPDATE: insufficient locale environment sanitization
     - debian/patches/any/glibc-CVE-2011-1095.patch: escape contents of
       LANG environment variable.
     - CVE-2011-1095
   * SECURITY UPDATE: ld.so insecure handling of privileged programs'
     RPATHs with $ORIGIN
     - debian/patches/any/glibc-CVE-2011-1658.patch: improve handling of
       RPATH and ORIGIN
     - CVE-2011-1658
   * SECURITY UPDATE: fnmatch integer overflow
     - debian/patches/any/glibc-CVE-2011-1659.patch: check size of
       pattern in wide character representation
     - CVE-2011-1659
   * SECURITY UPDATE: DoS in RPC implementation (LP: #901716)
     - debian/patches/any/glibc-CVE-2011-4609.patch: nanosleep when too
       many open fds is detected
     - CVE-2011-4609
   * SECURITY UPDATE: vfprintf nargs overflow leading to FORTIFY
     check bypass
     - debian/patches/any/glibc-CVE-2012-0864.patch: check for integer
       overflow
     - CVE-2012-0864
Checksums-Sha1: 
 e6be582d37ac40e295aef9fc47cd98bd19796be3 3610 eglibc_2.12.1-0ubuntu10.4.dsc
 35d97f623af3d20c511601e9d7b0efc33482e516 868917 eglibc_2.12.1-0ubuntu10.4.diff.gz
Checksums-Sha256: 
 fd4f6402231bc73b9a3bc4804336012da724268762825e503e26956150a43c9f 3610 eglibc_2.12.1-0ubuntu10.4.dsc
 01736e265e517fb69e86d0e4a68c14ad8a9203d17ff502b9357517b6ce82b60e 868917 eglibc_2.12.1-0ubuntu10.4.diff.gz
Files: 
 41640ebf42ebbd952a234606aeea5414 3610 libs required eglibc_2.12.1-0ubuntu10.4.dsc
 eed3481e8b79ffc01721bdf2a0ed4694 868917 libs required eglibc_2.12.1-0ubuntu10.4.diff.gz
Original-Maintainer: GNU Libc Maintainers <debian-glibc at lists.debian.org>

More information about the Maverick-changes mailing list