Bug#742925: eglibc: CVE-2013-4357

2014-03-29 Thread Carlos O'Donell
Related commits that fix the CVE:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f2962a71959fd254a7a223437ca4b63b9e81130c
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=34a9094f49241ebb72084c536cf468fd51ebe3ec

On Fri, Mar 28, 2014 at 9:21 PM, Michael Gilbert <mgilb...@debian.org> wrote:
> package: src:eglibc
> severity: important
> version: 2.11.3-4
>
> A stack overflow issue was reported in eglibc:
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357
>
> Best wishes,
> Mike
>
>
> --
> To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
> with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
> Archive:
> https://lists.debian.org/CANTw=MP=0e4c4es-0frtkujw9qmdpcsxp0xjpxdww9nmcag...@mail.gmail.com






Processed: tagging 742925

2014-03-29 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tags 742925 + security
Bug #742925 [src:eglibc] eglibc: CVE-2013-4357
Added tag(s) security.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
742925: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742925
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#742965: libc0.1: openpty()/forkpty() fail on kfreebsd >=9.0

2014-03-29 Thread Adam Borowski
Package: libc0.1
Version: 2.18-4
Severity: normal


If a process has a handler for SIGCHLD, openpty() fails on kfreebsd with 9.x
kernels.  It worked ok on 8.x, and works on real (i.e., no glibc) FreeBSD.

A reduced test case attached; when commenting out the sigaction line,
openpty() starts working again.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.2-1-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc0.1 depends on:
ii  libgcc1  1:4.8.2-16

libc0.1 recommends no packages.

Versions of packages libc0.1 suggests:
ii  debconf [debconf-2.0]  1.5.52
pn  glibc-doc              <none>
ii  locales                2.18-4

-- debconf information:
  glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-services:
  glibc/restart-failed:
  libraries/restart-without-asking: false

// Link with -lutil
#include <stdio.h>
#include <pty.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <signal.h>

// SIGCHLD handler: reap every child that has already exited.
static void sigchild(int dummy)
{
    while (waitpid(-1,0,WNOHANG)>0);
}

int main()
{
    int master, slave;

    // Commenting out the sigaction() call below makes openpty() work again.
    struct sigaction act;
    sigemptyset(&act.sa_mask);
    act.sa_flags=SA_RESTART;
    act.sa_handler=sigchild;
    sigaction(SIGCHLD,&act,0);

    if (openpty(&master, &slave, 0, 0, 0))
    {
        printf("Failed: %s\n", strerror(errno));
        return 1;
    }
    printf("Ok!\n");
    return 0;
}