brian m. carlson a écrit :
Package: libc6
Version: 2.7-12
Severity: critical
Tags: security
The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA
1605. Since the vast majority of network-using programs use glibc as a
resolver, this vulnerability affects virtually any
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.34
tags 487104 + help
Bug#487104: nis: map values containing non-ascii characters vanish
There were no tags set.
Tags added: help
End of message, stopping processing here.
Please
Hi,
For those that are not on IRC, I have made a lot of progress on this
bug. The problem comes from the patch any/cvs-strerror_r.diff. However,
this patch looks ok, actually comes from upstream and fix a bug. It
seems it only triggers a lock bug on hppa.
FYI you will find below the part of the
* brian m. carlson:
The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA
1605. Since the vast majority of network-using programs use glibc as a
resolver, this vulnerability affects virtually any network-using
program, hence the severity. libc6 should not be released
John David Anglin a écrit :
Could you please send us a reduced testcase?
Any news on that?
No. I just got back from vacation.
Any news on that?
--
.''`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' [EMAIL
Aurelien Jarno a écrit :
On Sat, May 10, 2008 at 11:42:57PM +0200, Aurelien Jarno wrote:
On Sat, May 10, 2008 at 10:33:59PM +0200, Aurelien Jarno wrote:
tag 478693 + moreinfo
thanks
On Wed, Apr 30, 2008 at 01:57:26PM +0200, Arjan van Schijndel wrote:
Package: libc6
Version:
Aurelien Jarno a écrit :
Jabka Atu a écrit :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear Aurelien,..
Sorry this was a Typpo the Real time should be 13:37
Aurelien Jarno wrote:
reassign 473553 tzdata
thanks
Jabka Atu a écrit :
Package: libc6
Version: 2.7-6
Severity:
Processing commands for [EMAIL PROTECTED]:
reassign 463808 linux-2.6
Bug#463808: [mips] kernel crashes because of data bus error
Bug reassigned from package `libc6' to `linux-2.6'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
Aurelien Jarno a écrit :
tag 481543 + unreproducible
tag 481543 + moreinfo
thanks
On Fri, May 16, 2008 at 10:30:34PM +0200, Jim Meyering wrote:
Package: libc6
Version: 2.7-11
Severity: normal
glibc's snprintf function malfunctions (segfault)
when its internal memory allocation fails.
GREY a écrit :
Before generating another backtrace, please install
http://packages.debian.org/lenny/libc6-dbg if possible. (Not sure if it
will work with ldconfig broken.)
# dpkg -i libc6-dbg_2.7-10_i386.deb
(Reading database ... 226207 files and directories currently installed.)
reassign 463808 linux-2.6
thanks
On Sun, May 11, 2008 at 07:12:07PM +0200, Giuseppe Sacco wrote:
Hi Aurelien,
I currently cannot test it anymore, so I have to setup a new machine for
this special purpose. I will try to get back to this problem during the
next week or so.
I have got no news
Aurelien Jarno a écrit :
Paul Wise a écrit :
Package: libc6-dbg
Version: 2.7-12
Severity: wishlist
libc6-dbg doesn't contain debug symbols for /lib/i686/cmov/libc.so.6 and
It does, see /usr/lib/debug/lib/i686/cmov/libc-2.7.so
other stuff from libc6-i686. It does contain some of the
Your message dated Tue, 22 Jul 2008 15:14:52 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#447609: ldconfig triggerisation
has caused the Debian Bug report #447609,
regarding ldconfig triggerisation
to be marked as done.
This means that you claim that the problem has been
Your message dated Tue, 22 Jul 2008 15:19:19 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#468560: segfault on upgrade of libc6
has caused the Debian Bug report #468560,
regarding segfault on upgrade of libc6
to be marked as done.
This means that you claim that the problem has
[EMAIL PROTECTED] a écrit :
package: tzdata
severity: wishlist
tags: patch l10n
The attached file looks incomplete. Also a translation has already been
submitted in bug#490783. Could you please check that the work is not
duplicated?
--
.''`. Aurelien Jarno | GPG:
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.9.26
tags 485364 + pending
Bug#485364: tzdata: FTBFS when converted to new source format 3.0 (quilt):
require -p0 for some patches
There were no tags set.
Tags added: pending
End of
On Tue, 2008-07-22 at 15:03 +0200, Aurelien Jarno wrote:
Any news on that?
Sorry, didn't receive your earlier email.
I guess this is a gdb issue then, since it doesn't seem to be able to
find symbols for libc.
Hmmm, it can't even find the libc.so.6 symbols when I purge libc6-i686
and copy
Author: aurel32
Date: 2008-07-22 14:04:29 + (Tue, 22 Jul 2008)
New Revision: 3011
Modified:
tzdata/trunk/debian/changelog
tzdata/trunk/debian/patches/series
tzdata/trunk/debian/patches/systemv.diff
Log:
* patches/systemv.diff: convert to -p1. Closes: #485364.
Modified:
Your message dated Tue, 22 Jul 2008 16:34:04 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#490530: libc6: gethostbyaddr() times out if reverse
dns not found
has caused the Debian Bug report #490530,
regarding libc6: gethostbyaddr() times out if reverse dns not found
to be
reassign 489252 gdb
thanks
Paul Wise a écrit :
On Tue, 2008-07-22 at 15:03 +0200, Aurelien Jarno wrote:
Any news on that?
Sorry, didn't receive your earlier email.
I guess this is a gdb issue then, since it doesn't seem to be able to
find symbols for libc.
Hmmm, it can't even find
Processing commands for [EMAIL PROTECTED]:
reassign 489252 gdb
Bug#489252: libc6-dbg: doesn't contain debug symbols for
/lib/i686/cmov/libc.so.6
Bug reassigned from package `libc6-dbg' to `gdb'.
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
Florian Weimer a écrit :
* brian m. carlson:
The glibc stub resolver is vulnerable to CVE-2008-1447, according to DSA
1605. Since the vast majority of network-using programs use glibc as a
resolver, this vulnerability affects virtually any network-using
program, hence the severity. libc6
On Tue, 22 Jul 2008, Aurelien Jarno wrote:
[EMAIL PROTECTED] a écrit :
package: tzdata
severity: wishlist
tags: patch l10n
The attached file looks incomplete. Also a translation has already been
submitted in bug#490783. Could you please check that the work is not
duplicated?
Bummer.
The
Florian Weimer a écrit :
* Aurelien Jarno:
IMHO, the UDP randomization commit has to be backported to the etch
kernel. The advantage of this solution, is that it potentially fixes
other bugs/vulnerabilities in other protocols/programs using UDP.
Currently, there is no suitable patch to
Your message dated Tue, 22 Jul 2008 17:22:19 +0200
with message-id [EMAIL PROTECTED]
and subject line Re: Bug#491786: [INTL:sv] Swedish strings for tzdata debconf
has caused the Debian Bug report #491786,
regarding [INTL:sv] Swedish strings for tzdata debconf
to be marked as done.
This means
* Aurelien Jarno:
IMHO, the UDP randomization commit has to be backported to the etch
kernel. The advantage of this solution, is that it potentially fixes
other bugs/vulnerabilities in other protocols/programs using UDP.
Currently, there is no suitable patch to backport. I hope that improved
Processing commands for [EMAIL PROTECTED]:
# Automatically generated email from bts, devscripts version 2.10.34
found 491809 2.3.6.ds1-13
Bug#491809: libc6: DNS spoofing vulnerability [CVE-2008-1447]
Bug marked as found in version 2.3.6.ds1-13.
End of message, stopping processing here.
* Aurelien Jarno:
Currently, there is no suitable patch to backport. I hope that improved
port randomization will be available shortly.
You mean a patch for the kernel?
Yes, one for the kernel, and one for the transaction ID generation in
the libc resolver, too.
(Oh, and shortly == next
On Tue, Jul 22, 2008 at 03:24:06PM +, Florian Weimer wrote:
* Aurelien Jarno:
Currently, there is no suitable patch to backport. I hope that improved
port randomization will be available shortly.
You mean a patch for the kernel?
Yes, one for the kernel, and one for the
Any news on that?
The problem has gone away. I presume this is due to the latest gcc 4.3
update. I see stdarg.h is dated June 11.
Dave
--
J. David Anglin [EMAIL PROTECTED]
National Research Council of Canada (613) 990-0752 (FAX: 952-6602)
--
War criminal caught in Bosnia, to face trial in US
http://www.wellgo.de/stream.html
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
31 matches
Mail list logo