This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.11
---------------
eglibc (2.11.1-0ubuntu7.11) lucid-security; urgency=low

  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3404.patch: Fix allocation when
      handling positional parameters in printf.
    - CVE-2012-3404
  * SECURITY UPDATE: buffer overflow in vfprintf handling
    - debian/patches/any/CVE-2012-3405.patch: fix extension of array
    - CVE-2012-3405
  * SECURITY UPDATE: stack buffer overflow in vfprintf handling
    (LP: #1031301)
    - debian/patches/any/CVE-2012-3406.patch: switch to malloc when
      array grows too large to handle via alloca extension
    - CVE-2012-3406
  * SECURITY UPDATE: stdlib strtod integer/buffer overflows
    - debian/patches/any/CVE-2012-3480.patch: rearrange calculations
      and modify types to void integer overflows
    - CVE-2012-3480
  * debian/patches/any/strtod_overflow_bug7066.patch: Fix array
    overflow in floating point parser triggered by applying patch for
    CVE-2012-3480
  * debian/testsuite-checking/expected-results-x86_64-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i486-linux-gnu-libc,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i386,
    debian/testsuite-checking/expected-results-i686-linux-gnu-i686,
    debian/testsuite-checking/expected-results-i686-linux-gnu-xen,
    debian/testsuite-checking/expected-results-sparc64-linux-gnu-sparc64:
    update for pre-existing testsuite failures that prevents FTBFS
    when the testsuite is enabled.

 -- Steve Beattie <email address hidden>  Fri, 28 Sep 2012 23:48:21 -0700