Your message dated Wed, 27 Sep 2023 19:06:03 +0000 with message-id <e1qlzrh-00eit4...@fasolo.debian.org> and subject line Bug#1053002: fixed in glibc 2.37-11 has caused the Debian Bug report #1053002, regarding glibc: CVE-2023-5156: Memory leak in getaddrinfo after fix for CVE-2023-4806 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1053002: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053002 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: glibc Version: 2.37-10 Severity: important Tags: security upstream Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=30884 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for glibc. Filling mainly for tracking of the issue. CVE-2023-5156[0]: | A flaw was found in the GNU C Library. A recent fix for | CVE-2023-4806 introduced the potential for a memory leak, which may | result in an application crash. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-5156 https://www.cve.org/CVERecord?id=CVE-2023-5156 [1] https://sourceware.org/bugzilla/show_bug.cgi?id=30884 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: glibc Source-Version: 2.37-11 Done: Aurelien Jarno <aure...@debian.org> We believe that the bug you reported is fixed in the latest version of glibc, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1053...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Aurelien Jarno <aure...@debian.org> (supplier of updated glibc package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 27 Sep 2023 20:50:25 +0200 Source: glibc Architecture: source Version: 2.37-11 Distribution: unstable Urgency: medium Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org> Changed-By: Aurelien Jarno <aure...@debian.org> Closes: 1053002 Changes: glibc (2.37-11) unstable; urgency=medium . [ Samuel Thibault ] * debian/testsuite-xfail-debian.mk: Update xfails for hurd-i386. . [ Aurelien Jarno ] * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a memory leak in getaddrinfo introduced by fix for CVE-2023-4806 (CVE-2023-5156). Closes: #1053002. Checksums-Sha1: 003fb93d15e977e74bfb094ce57bf6c74d0eff39 8963 glibc_2.37-11.dsc 61b9decb2abcdb5c7b0687086be2afb9250ef258 411240 glibc_2.37-11.debian.tar.xz 84b6df5820179ac3557ea690ba5b81fda2c484c3 9762 glibc_2.37-11_source.buildinfo Checksums-Sha256: ae23fa9712809307d2e5ce9145cde0b6bf84fc17cd4fdf9119d32b7327eb76b9 8963 glibc_2.37-11.dsc 0726d1bd3102977dfd36e5ded912ee3dc46ae2e87479274e209312507b10419b 411240 glibc_2.37-11.debian.tar.xz 596db967acaae5642948f8480c8ddd0c60322d2565b3f4e039323f7b07cf48a4 9762 glibc_2.37-11_source.buildinfo Files: 720da2619a7711892bd62d5bd54ecb41 8963 libs required glibc_2.37-11.dsc 27e3e3165dc67f74a787f831e064801f 411240 libs required glibc_2.37-11.debian.tar.xz d145368f9fe92f3eeb1b0e5628518319 9762 libs required glibc_2.37-11_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmUUekwACgkQE4jA+Jno M2uJ+Q//Vfp4U2vg3pDF86WmToY1e021tVMET+vFo40UGyB7buiALeSXx7B270be 1LHU9gZA3h7morPYUMyD6CA4dGLHIt2sqNTVd3atDdowFMCPZEP11n22p0v54mPi 59Az1+nawKxMXPLkp5lTVUp1jFf+Hgf+IAX8o6oOR2KBma4inIxtrsG8Eafir6m3 UKhBMnfW6c5dkspySybhsD3zuFDI+szENm7wBms4NnZd84TU34+awqJnHAkgyCk2 gCKpb6JYm6nY3Xa/mbvnyAa7gqD/IvSMPTru/nwKxhm/nKGCd/CHsmMlR+J9QsbH 6BA1AvgmxC4ldyNAgs48XjHu4vxnerr/9ysExO4o+rmBxNo4/h4wsYshU0pnslrR BwVGlapmJXBsTtwh7S0+tMns8ikKLIzBijL/TEHLU2ikbVj4DH1KpGkYkw/EQ2ay vZyYtraRx0hInOTHC7doXQx+Yg2bSQ0OMc3jcS7cWYiDthzfq1K3JCb0XFtoGFhh Ufp2PkZ0xajxhGHgdnV8mTjJrwwwheULfVOTAT19tt4vDA2G6AnI12SgIhLpMyO1 3kw7durN2acdUBHNl8NfGagXiq9k+/yY3T8BkCJqHjIS35jB3SQ/nkH6aapePZpI n/FyH0e+oFsmapP9LKO/Xfl9moxq6DYYjSSr3rJ8d/ENjMv156E= =FBdT -----END PGP SIGNATURE-----
--- End Message ---
