Your message dated Fri, 16 Jan 2026 23:06:28 +0100
with message-id <[email protected]>
and subject line Re: Bug#1125748: glibc: CVE-2026-0915
has caused the Debian Bug report #1125748,
regarding glibc: CVE-2026-0915
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1125748: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125748
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: glibc
Version: 2.42-7
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=33802
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 2.41-12+deb13u1
Control: found -1 2.41-12
Control: found -1 2.36-9+deb12u13
Control: found -1 2.36-9+deb12u7
Control: found -1 2.36-9
Hi,
The following vulnerability was published for glibc.
CVE-2026-0915[0]:
| Calling getnetbyaddr or getnetbyaddr_r with a configured
| nsswitch.conf that specifies the library's DNS backend for networks
| and queries for a zero-valued network in the GNU C Library version
| 2.0 to version 2.42 can leak stack contents to the configured DNS
| resolver.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-0915
https://www.cve.org/CVERecord?id=CVE-2026-0915
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=33802
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Version: 2.42-8
Hi,
On 2026-01-16 22:50, Salvatore Bonaccorso wrote:
> Source: glibc
> Version: 2.42-7
> Severity: important
> Tags: security upstream
> Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=33802
> X-Debbugs-Cc: [email protected], Debian Security Team
> <[email protected]>
> Control: found -1 2.41-12+deb13u1
> Control: found -1 2.41-12
> Control: found -1 2.36-9+deb12u13
> Control: found -1 2.36-9+deb12u7
> Control: found -1 2.36-9
>
> Hi,
>
> The following vulnerability was published for glibc.
>
> CVE-2026-0915[0]:
> | Calling getnetbyaddr or getnetbyaddr_r with a configured
> | nsswitch.conf that specifies the library's DNS backend for networks
> | and queries for a zero-valued network in the GNU C Library version
> | 2.0 to version 2.42 can leak stack contents to the configured DNS
> | resolver.
>
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
This was fix in unstable in version 2.42-8. Closing the bug accordingly.
Regards
Aurelien
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
[email protected] http://aurel32.net
--- End Message ---
