* SECURITY UPDATE: use-after-free through getcanonname_r plugin call
- debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
the end (getaddrinfo).
- CVE-2023-4806
* SECURITY UPDATE: use-after-free in gaih_inet function
- debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
merge and continue actions.
- CVE-2023-4813
* debian/testsuite-xfail-debian.mk: add tst-nss-gai-actions and
tst-nss-gai-hv2-canonname to xfails (container tests).
-- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:32:50 -0300
This bug was fixed in the package glibc - 2.31-0ubuntu9.14
---------------
glibc (2.31-0ubuntu9.14) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free through getcanonname_r plugin call patches/ any/CVE- 2023-4806. patch: copy h_name over and free it at patches/ any/CVE- 2023-4813. patch: simplify allocations and fix testsuite- xfail-debian. mk: add tst-nss-gai-actions and nss-gai- hv2-canonname to xfails (container tests).
- debian/
the end (getaddrinfo).
- CVE-2023-4806
* SECURITY UPDATE: use-after-free in gaih_inet function
- debian/
merge and continue actions.
- CVE-2023-4813
* debian/
tst-
-- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:32:50 -0300