* Merge with unreleased 2.19 from Debian experimental, fixing some bugs:
- debian/patches/any/local-no-malloc-backtrace.diff: Lower the default
for MALLOC_CHECK_ to 1, and add it to the list of insecure variables
that can't be set for suid binaries. This allows us to not backtrace
malloc failures by default (Closes: #739913, LP: #1266492) and skips
backtrace for suid binaries where an attacker calling into a corrupt
malloc internal data structure with malloc could lead to Bad Things.
- Make ldconfig stop operating on the linker entirely, so our packaged
symlinks take precedence and hack the postinst to skip ldconfig when
we detect a broken setup that the old ldconfig mangles (LP: #915995)
-- Adam Conrad <email address hidden> Sun, 23 Feb 2014 22:39:18 -0700
This bug was fixed in the package eglibc - 2.19-0ubuntu2
---------------
eglibc (2.19-0ubuntu2) trusty; urgency=medium
* Merge with unreleased 2.19 from Debian experimental, fixing some bugs: patches/ any/local- no-malloc- backtrace. diff: Lower the default
- debian/
for MALLOC_CHECK_ to 1, and add it to the list of insecure variables
that can't be set for suid binaries. This allows us to not backtrace
malloc failures by default (Closes: #739913, LP: #1266492) and skips
backtrace for suid binaries where an attacker calling into a corrupt
malloc internal data structure with malloc could lead to Bad Things.
- Make ldconfig stop operating on the linker entirely, so our packaged
symlinks take precedence and hack the postinst to skip ldconfig when
we detect a broken setup that the old ldconfig mangles (LP: #915995)
-- Adam Conrad <email address hidden> Sun, 23 Feb 2014 22:39:18 -0700