Your message dated Wed, 22 Jul 2020 22:51:16 +0000 with message-id <e1jyna0-000g4a...@fasolo.debian.org> and subject line Bug#961452: fixed in glibc 2.31-2 has caused the Debian Bug report #961452, regarding CVE-2020-6096 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 961452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961452 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: glibc Severity: important Please see https://sourceware.org/bugzilla/show_bug.cgi?id=25620 https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: glibc Source-Version: 2.31-2 Done: Aurelien Jarno <aure...@debian.org> We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 961...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 23 Jul 2020 00:26:24 +0200 Source: glibc Architecture: source Version: 2.31-2 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org> Changed-By: Aurelien Jarno <aure...@debian.org> Closes: 961452 965091 965932 965941 Changes: glibc (2.31-2) unstable; urgency=medium . [ Aurelien Jarno ] * debian/control.in/libc: add a Breaks: against macs (<< 2.2.7.1-3~) due to bug #965073. * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a signed comparison vulnerability in the ARMv7 memcpy and memmove functions (CVE-2020-6096). Closes: #961452. * debian/control.in/libc: do not limit the openssh-server breaks to 32-bit architectures, clock_nanosleep has to be allowed in addition to clock_gettime64. Closes: #965932. * debian/patches/any/submitted-selinux-deprecations.diff: proposed patch to ignore the selinux deprecations introduced in libselinux (>= 3.1), fixing an FTBFS. Closes: #965941. * debian/patches/x32/submitted-fix-nptl-setgroups-x32.patch: proposed patch to fix the setgroups functions in threaded applications on x32 (without the testsuite part). Closes: #965091. . [ Samuel Thibault ] * debian/patches/hurd-i386/local-tls-ie-align.diff: Fix TLS IE load with >= 8 byte alignment. * debian/testsuite-xfail-debian.mk: Update backtrace result. * debian/patches/hurd-i386/git-fix-longjmp.diff: Fix longjmp from dl loader. Notably fixes calling setuid programs from eatmydata. * debian/control: Build-depend on gnumach-dev with userland driver RPC interface. * debian/libc0.3.symbols.hurd-i386: Add userland driver RPC interface stubs. * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Make clock_nanosleep accept CLOCK_MONOTONIC as well. Checksums-Sha1: de6f87b63f42f73654f720a5a39e511ca62d09a6 8195 glibc_2.31-2.dsc 7fa2322888e002362003b52eef5461c0458c9046 832956 glibc_2.31-2.debian.tar.xz 17b00b1ebe7777c24339a160116dfc4034d6ea98 6939 glibc_2.31-2_source.buildinfo Checksums-Sha256: 1e68e21c7c03f539fe4f7b6cd6b04edc124dcbdd4c64a742a0e8defc6c446e03 8195 glibc_2.31-2.dsc 2f09126faa95ae00641c8848a4602cf108849d980ce88d9d129adab596ea835d 832956 glibc_2.31-2.debian.tar.xz c76049c623ea0b2ff84c04c3be9a2738da6e9fdf7cd2cc90a83d1185e349c30d 6939 glibc_2.31-2_source.buildinfo Files: 118a87db2b3d4629465eb10c47946718 8195 libs required glibc_2.31-2.dsc 73afb447f5e0e822f158dac21adaee3f 832956 libs required glibc_2.31-2.debian.tar.xz 01bdd8e9c0f02ac876ca8ec1b98b5cf5 6939 libs required glibc_2.31-2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAl8Yvd4ACgkQE4jA+Jno M2vMkA/+KIfz4B04ywg0bvms3cfIQKuw+FQojw8inBrERUMpKDxZ94AkD30FwSIE wyao0KZTKGT42cQCwnQ8boYt2EfhFGXKXeDei40srZW1gMd138Fubsf1b3ClTW68 WKufygMDWbThbEahswn60w/2dxFaqQT4pIV29W/80dOMiPMfiSbNm79uK8Jp1jz2 6x//TP8zZCaKvGiF5uHI8Xjib/sMWGjHQBbBkpYZmF/ab4qdS/zRWLWaEajOZ91J P3O1hsn3IU5KQiMXL3k9V8llZV7DaBU+Hum+TJRfcjG0zMkGN5PARR3Fok89zs1u 1oD5voXnnshXqvCmz6AhVpy0rxdsVr4P1ozr79RM8bdAsjyxC1ora8fGy4GRts61 DfNdBApSSnijon0Erfm4U4Lw0/U9kcb848+jEAzkrUzk46jHI5BHn5ZUx2fo2jmU eWKxQj+5kvWMqZei476lGEVE2N/7e8NQGC8tnxLpfxb2d6rB9j++0eBlpcI9cvgS PkXRrRR1bYmtBTILnTbNp6Hf9C5vuDjmaEjUbG5U3soJCViYsSVwXrM7OL4DHlYg T2gqw3iXenVBNwSeWTgYX6fKo8/Lz+zYjARrr+ePT0L3612bAmsIXnO0GSqF47M6 fO4OdXgZGfGBvMcNYyZ9jdsqveZcPNPzMjNNnXAr/qT0KrYO23Q= =jFu3 -----END PGP SIGNATURE-----
--- End Message ---
