Your message dated Sat, 11 Jul 2026 16:17:06 +0000
with message-id <[email protected]>
and subject line Bug#1134543: fixed in glibc 2.41-12+deb13u4
has caused the Debian Bug report #1134543,
regarding glibc: CVE-2026-5450
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1134543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134543
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glibc
Version: 2.42-15
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=34008
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for glibc.
CVE-2026-5450[0]:
| Calling the scanf family of functions with a %mc (malloc'd character
| match) in the GNU C Library version 2.7 to version 2.43 with a
| format width specifier with an explicit width greater than 1024
| could result in a one byte heap buffer overflow.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-5450
https://www.cve.org/CVERecord?id=CVE-2026-5450
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=34008
[2]
https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0009
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.41-12+deb13u4
Done: Aurelien Jarno <[email protected]>
We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <[email protected]> (supplier of updated glibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 29 Jun 2026 23:37:52 +0200
Source: glibc
Architecture: source
Version: 2.41-12+deb13u4
Distribution: trixie
Urgency: medium
Maintainer: GNU Libc Maintainers <[email protected]>
Changed-By: Aurelien Jarno <[email protected]>
Closes: 1134543 1134544 1135405
Changes:
glibc (2.41-12+deb13u4) trixie; urgency=medium
.
* debian/patches/git-updates.diff: update from upstream stable branch:
- Fix build against linux 7.0 headers. Closes: #1135405.
- Fix ungetwc operating on byte stream (CVE-2026-5928). Closes: #1134544.
- Fix buffer overflow in scanf %mc (CVE-2026-5450). Closes: #1134543.
- Suppress iconv intermediate errors with //TRANSLIT.
Checksums-Sha1:
f291d4082eef7e094241a1a87585f275cf336149 7576 glibc_2.41-12+deb13u4.dsc
57751ec678751a3cf5bf3badb54f6ab6b9760eea 499524
glibc_2.41-12+deb13u4.debian.tar.xz
62b4c5a63a1ea4ff036ac1a3a9ca6e49c7c3d7b9 9744
glibc_2.41-12+deb13u4_source.buildinfo
Checksums-Sha256:
0915324aa646bb99abfaa9aa6ecb734b30babd28454a3e51f3152912370fbd3e 7576
glibc_2.41-12+deb13u4.dsc
dda4153511bfd543502d18e5bc9323110996fe9c531f14ae3fad6eb17f027c7d 499524
glibc_2.41-12+deb13u4.debian.tar.xz
43a8726930a9a9e5f1cdf431c3a239dab03ec5a555acc85d2f5d5c1388f11710 9744
glibc_2.41-12+deb13u4_source.buildinfo
Files:
fa18f1bcbca0299c1ea024bfc9623f7a 7576 libs required glibc_2.41-12+deb13u4.dsc
8e44b0a9913a886a781d99125209f7df 499524 libs required
glibc_2.41-12+deb13u4.debian.tar.xz
f005e6cb9bc0bb82a20cf2cb96c14f54 9744 libs required
glibc_2.41-12+deb13u4_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmpEnF8ACgkQE4jA+Jno
M2uNMQ/9G6Ez7CakRZfrcoMwH8BBU61EBIYGYav1d74Blw6TWYd0KKmSOQN6dZfr
nbDaWmByx7kKhdxbCjI44y+4GlHPu36CbweSJBhbQi3j/CRS4qP6sjJL7/kAz+gp
Ft1uaHmBJJsaygriQxfojgMXp7NuQ0MAIALwRopKgvRyhkCRxOhqiFwYws3K8TuB
VZ/ywaWRuc1EbiO8KPeUN6HEg9Tq7vHcgcwWfR+rSTMOhVFSzSca4GJI98Q/9kU8
nLx4lyboadzir/PkjI/2BTRCLASW7pFmIZBoYzF5tCrvCNXOGQe34BVnrDzR3f4H
RV1sDHb2oGNRmwqmX8OmY2+/HJGapwmlvcqawlZ7AKo6UxwmfvQHqkwAtZcqgta1
8imlcEjYcZ5GtIxdIS59yScYos8hYtLuOmxXMtZryTaEQzpsb94jKwlQiWfLukaR
9fMkRmaUVrW+bYePjA8oYidIbDX6o0J7TKrQbSvxXqZ6Zfk3nlAqwgPbm0qPrQ+Y
DBYGy6yL+AcWDWb/mNciGfcPu5mqsbHD6O+ciwGu2lQn5TwoGassF7qGecj49eY9
OXoK4FVyNJ6TseC94MwBB1rVzUhk5LUXmsODh0K1qZMyFxr7GAA/TG1YW3k8gTXG
FsxFEFTOMazBGtjH8urnHZ4I0G4NyUAKVqkeTCEfmhUAOtIY/Gg=
=IKe1
-----END PGP SIGNATURE-----
pgpIPgQaYi43u.pgp
Description: PGP signature
--- End Message ---