Your message dated Sun, 03 Jan 2021 16:19:11 +0000
with message-id <e1kw663-0008bf...@fasolo.debian.org>
and subject line Bug#976391: fixed in glibc 2.31-7
has caused the Debian Bug report #976391,
regarding glibc: CVE-2020-29562
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
976391: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976391
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.31-5
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=26923
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.31-4

Hi,

The following vulnerability was published for glibc.

CVE-2020-29562[0]:
| The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to
| 2.32, when converting UCS4 text containing an irreversible character,
| fails an assertion in the code path and aborts the program,
| potentially resulting in a denial of service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-29562
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29562
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=26923

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.31-7
Done: Aurelien Jarno <aure...@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 976...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 03 Jan 2021 17:01:18 +0100
Source: glibc
Architecture: source
Version: 2.31-7
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Closes: 731082 973430 976391 977691
Changes:
 glibc (2.31-7) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * debian/testsuite-xfail-debian.mk: Update with 2.33 tests.
   * debian/patches/hurd-i386/local-clock_gettime_MONOTONIC.diff: Also accept
     CLOCK_MONOTONIC_RAW, CLOCK_REALTIME_COARSE, CLOCK_MONOTONIC_COARSE.
   * debian/patches/hurd-i386/tg-hurdsig-SA_SIGINFO.diff: Rename to
     git-hurdsig-SA_SIGINFO.diff.
   * debian/patches/hurd-i386/tg-sigstate_thread_reference.diff: Rename to
     git-sigstate_thread_reference.diff.
   * debian/patches/hurd-i386/git-siginfo_uesp.diff: Fix ss_sp field in
     siginfo.
   * debian/patches/hurd-i386/git-mmap-EINVAL.diff: Fix mmap EINVAL return
     value.
   * debian/patches/hurd-i386/git-waitid.diff: Support
     WEXITED/WCONTINUED/WSTOPPED/WNOWAIT.
   * debian/patches/hurd-i386/git-hurd-version.diff: Accept including
     hurd/version.h.
   * debian/patches/kfreebsd/submitted-waitid.diff: Refresh.
   * debian/control: Bump hurd-dev build-dep to get proc_waitid RPC.
   * debian/libc0.3.symbols.hurd-i386: Add proc_waitid RPC.
   * debian/debhelper.in/libc-dev.install.hurd-i386: Add missing
     libpthread_syms.a.
 .
   [ Aurelien Jarno ]
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix assertion failure in iconv when converting invalid UCS4
       (CVE-2020-29562).  Closes: #976391.
   * debian/sysdeps/arm64.mk: enable static PIE support on arm64.  Closes:
     #973430.
   * debian/patches/localedata/git-unicode-13-support.diff: backport Unicode 13
     support from upstream.  Closes: #977691.
   * debian/local/manpages/po/pt_BR.po: recode to UTF-8 to make lintian happy.
   * debian/debhelper.in/*.lintian-overrides: update for recent lintian
     versions.
   * debian/patches/any/git-ld.so-cache-endianness-markup.diff: backport ld.so
     cache endianness support from upstream.  Closes: #731082.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
