Format: 1.8 Date: Thu, 24 Feb 2022 14:42:40 -0500 Source: glibc Binary: libc-bin libc-dev-bin libc6 libc6-amd64 libc6-dbg libc6-dev libc6-dev-amd64 libc6-dev-x32 libc6-pic libc6-udeb libc6-x32 locales-all nscd Architecture: i386_translations i386 Version: 2.31-0ubuntu9.7 Distribution: focal Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libc-bin - GNU C Library: Binaries libc-dev-bin - GNU C Library: Development binaries libc6 - GNU C Library: Shared libraries libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64 libc6-dbg - GNU C Library: detached debugging symbols libc6-dev - GNU C Library: Development Libraries and Header Files libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64 libc6-dev-x32 - GNU C Library: X32 ABI Development Libraries for AMD64 libc6-pic - GNU C Library: PIC archive library libc6-udeb - GNU C Library: Shared libraries - udeb (udeb) libc6-x32 - GNU C Library: X32 ABI Shared libraries for AMD64 locales-all - GNU C Library: Precompiled locale data nscd - GNU C Library: Name Service Cache Daemon Changes: glibc (2.31-0ubuntu9.7) focal-security; urgency=medium . * SECURITY UPDATE: infinite loop in iconv - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c, iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c, iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c, iconv/tst-iconv_prog.sh, intl/dcigettext.c. - debian/patches/any/CVE-2016-10228-2.patch: handle translation output codesets with suffixes in iconv/Versions, iconv/gconv_charset.c, iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c, iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c. - CVE-2016-10228 * SECURITY UPDATE: buffer over-read in iconv - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c, iconvdata/ksc5601.h. - CVE-2019-25013 * SECURITY UPDATE: another infinite loop in iconv - debian/patches/any/CVE-2020-27618.patch: fix issue in iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c. - CVE-2020-27618 * SECURITY UPDATE: DoS via assert in iconv - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner loop bounds in iconv/Makefile, iconv/gconv_simple.c, iconv/tst-iconv8.c. - CVE-2020-29562 * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy - debian/patches/any/CVE-2020-6096-pre1.patch: add support_blob_repeat_allocate_shared in support/blob_repeat.c, support/blob_repeat.h, support/tst-support_blob_repeat.c. - debian/patches/any/CVE-2020-6096-1.patch: add test case in string/Makefile, string/tst-memmove-overflow.c. - debian/patches/any/CVE-2020-6096-2.patch: mark test as as XFAIL in string/tst-memmove-overflow.c, sysdeps/arm/Makefile. - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S. - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S. - debian/patches/any/CVE-2020-6096-5.patch: remove string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile. - CVE-2020-6096 * SECURITY UPDATE: double-free in nscd - debian/patches/any/CVE-2021-27645.patch: track live allocation better in nscd/netgroupcache.c. - CVE-2021-27645 * SECURITY UPDATE: assertion fail in iconv - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c, iconvdata/iso-2022-jp-3.c. - CVE-2021-3326 * SECURITY UPDATE: overflow in wordexp via crafted pattern - debian/patches/any/CVE-2021-35942.patch: handle overflow in positional parameter number in posix/wordexp-test.c, posix/wordexp.c. - CVE-2021-35942 * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd() - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for size == 1 in sysdeps/posix/getcwd.c. - CVE-2021-3999 * SECURITY UPDATE: DoS via long svcunix_create path argument - debian/patches/any/CVE-2022-23218-pre1.patch: add the __sockaddr_un_set function in include/sys/un.h, socket/Makefile, socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c. - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in sunrpc/svc_unix.c. - CVE-2022-23218 * SECURITY UPDATE: DoS via long clnt_create hostname argument - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in sunrpc/clnt_gen.c. - CVE-2022-23219 * debian/rules.d/build.mk: build with --with-default-link=no. * This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in focal-proposed. Checksums-Sha1: fb25ca39ca397eefcc6a7179bddefeaa1ea5aac1 13051 glibc_2.31-0ubuntu9.7_i386.buildinfo 0ffd19ebc1f767fa5bb7f23c96e85eee8f120ff5 1871753 glibc_2.31-0ubuntu9.7_i386_translations.tar.gz 7fcd2670bf1b77e8b7732ebd2cd3e75bf0a361eb 2519328 libc-bin-dbgsym_2.31-0ubuntu9.7_i386.ddeb b53c842449bb2169192ca327b2f9494d88740c79 610460 libc-bin_2.31-0ubuntu9.7_i386.deb 86c71261c4b5a799d5c0e263cd29ea274acc807b 136836 libc-dev-bin-dbgsym_2.31-0ubuntu9.7_i386.ddeb b3de9fb55b711b6acb9db8e90ff6095f711113e1 72716 libc-dev-bin_2.31-0ubuntu9.7_i386.deb 29b651d540c51732e912185dff2026d9f8fe0ebe 10896816 libc6-amd64-dbgsym_2.31-0ubuntu9.7_i386.ddeb ef60749b8aad0ff72f9e4a257af0789d759d548f 2791608 libc6-amd64_2.31-0ubuntu9.7_i386.deb f10f949534a34b1fa137e46a40021e7d852a16aa 4962300 libc6-dbg_2.31-0ubuntu9.7_i386.deb bc787a4f1ae026c65c34279f61ae98fc6a734b5d 2019764 libc6-dev-amd64_2.31-0ubuntu9.7_i386.deb ee51a409681de84753ffd99391859b8ec1d1e537 1975304 libc6-dev-x32_2.31-0ubuntu9.7_i386.deb 7eca4b5cac42a92b095b49309ee3410cd444d2ae 2315120 libc6-dev_2.31-0ubuntu9.7_i386.deb df3cb595a58d20092294509d9b910222c20b9783 1427108 libc6-pic_2.31-0ubuntu9.7_i386.deb 8cad8c87b532af48e1241b0f7157d36430954e4c 1200084 libc6-udeb_2.31-0ubuntu9.7_i386.udeb 0b6b0978b46b10de18701d780c4151df84f40f7c 10476180 libc6-x32-dbgsym_2.31-0ubuntu9.7_i386.ddeb 299f6cdb201cdfba4b01c07596c22aa3100c5684 2774056 libc6-x32_2.31-0ubuntu9.7_i386.deb 4e9878654e40328fe4065399bc396fe0ab404f0a 2572384 libc6_2.31-0ubuntu9.7_i386.deb 9d20f676042600fe26d841358900f1f9644876e1 10581984 locales-all_2.31-0ubuntu9.7_i386.deb 967713523caf579a835d6423255829d3ee86018a 302652 nscd-dbgsym_2.31-0ubuntu9.7_i386.ddeb b2c4e11bc9c8f1ce44583134f5a40ad4442516c1 75568 nscd_2.31-0ubuntu9.7_i386.deb Checksums-Sha256: 5707002d72465f8923f502823f653413148ae535d61e5f5cd97b25bc5b4a5fa1 13051 glibc_2.31-0ubuntu9.7_i386.buildinfo f8e9f2ca0ffdd42b6d3298a4a428d2436be501ae07d91b94355fbcc9f3005da4 1871753 glibc_2.31-0ubuntu9.7_i386_translations.tar.gz 45c4dd7328a423b508f1f110970bca29a881cf84db7d69bf95c956e937b49d87 2519328 libc-bin-dbgsym_2.31-0ubuntu9.7_i386.ddeb 1e0dffba6a591867f54a760d4c16df2e2736f5ed8038ed8168bece42e9e5ec8a 610460 libc-bin_2.31-0ubuntu9.7_i386.deb 9ca773d641b6c120bec3eb2fb39cb47ae43c1901a9d0b9d8a24dbbfbd8d6f40c 136836 libc-dev-bin-dbgsym_2.31-0ubuntu9.7_i386.ddeb 519b72244e2e350aea4f0ef745e61608b133741c02db8d086965e01a557764c2 72716 libc-dev-bin_2.31-0ubuntu9.7_i386.deb c4d01cf871780e95a4424605aea8506ff117e523fc457af989e16e925da32df5 10896816 libc6-amd64-dbgsym_2.31-0ubuntu9.7_i386.ddeb cc6aa259c9b7a68dfd053ee9112c00b8767ada0ee69db7af918486228885987c 2791608 libc6-amd64_2.31-0ubuntu9.7_i386.deb 5a9930b840b1ec575760301d2096709899fd7915f97b71d2fd36b7d482c1944c 4962300 libc6-dbg_2.31-0ubuntu9.7_i386.deb 132fe211e1ab180e6dba313bd5f71fd0f0818c7992e9a7996df9d0c54ea6725c 2019764 libc6-dev-amd64_2.31-0ubuntu9.7_i386.deb 8d82ab9537f2415ce328c45320cf7d50205c59555e4bf6c6ed092016384c04a6 1975304 libc6-dev-x32_2.31-0ubuntu9.7_i386.deb c008ea72723441918bb6833706c972ec5a75b596312ccb6e1ce27af1dd889b83 2315120 libc6-dev_2.31-0ubuntu9.7_i386.deb 23b1195067a5a6302de0a4cfcbd4917f4edce2978cb7020d4ed06e73335f1c50 1427108 libc6-pic_2.31-0ubuntu9.7_i386.deb 2d0cddc9013ad34113d913fed4c9c58787061b9e09b6b027973b0c471a943767 1200084 libc6-udeb_2.31-0ubuntu9.7_i386.udeb 2ec66e758322c8af94aa4ae188b108a2a49bb5886aec29205d6abb0b1a00db0a 10476180 libc6-x32-dbgsym_2.31-0ubuntu9.7_i386.ddeb fa4d09a73688dd88fd1bb05b93e2e0d9836e32fa0c13d3ee62f23554b6c5941c 2774056 libc6-x32_2.31-0ubuntu9.7_i386.deb 7ec9d757fefc9bb32bddb2305a181492a9aaa4b9f6b113709f47c00f9266f4fd 2572384 libc6_2.31-0ubuntu9.7_i386.deb 91ed1a38d45d2626628412719c8920bfe52006b0244ec004165b1cc32edd854c 10581984 locales-all_2.31-0ubuntu9.7_i386.deb 240513ff3c0eb6c9ce01d74db68b0000ed06b01022853bd3902999818fe22d7f 302652 nscd-dbgsym_2.31-0ubuntu9.7_i386.ddeb 286ad24d20f3c98a0c135660ca3a8a0b7472a07bb93051b0e1edea70f6fb9347 75568 nscd_2.31-0ubuntu9.7_i386.deb Files: 3612be9c054a4286d9ad4cddcf16cda7 13051 libs required glibc_2.31-0ubuntu9.7_i386.buildinfo c1721a30ef700e1a24f4eb1b8f5fe372 1871753 raw-translations - glibc_2.31-0ubuntu9.7_i386_translations.tar.gz fd49247c76b3edecc1a9e2b16025960a 2519328 debug optional libc-bin-dbgsym_2.31-0ubuntu9.7_i386.ddeb 0bb062f0868b6aa7bbbda0aea938b3ee 610460 libs required libc-bin_2.31-0ubuntu9.7_i386.deb d4c12a9d760007218caaaafdac93a624 136836 debug optional libc-dev-bin-dbgsym_2.31-0ubuntu9.7_i386.ddeb 7a1bbbb721d1cdbf49700f13496ac723 72716 libdevel optional libc-dev-bin_2.31-0ubuntu9.7_i386.deb d958b363ce522bbda0cc0c9d36a477cb 10896816 debug optional libc6-amd64-dbgsym_2.31-0ubuntu9.7_i386.ddeb 284e9187a0c9f412bfeb348a2147ff39 2791608 libs optional libc6-amd64_2.31-0ubuntu9.7_i386.deb 05a6e4a6f9208e012ac598fc766ec53a 4962300 debug optional libc6-dbg_2.31-0ubuntu9.7_i386.deb 093b1cfeb6051f4c71267414633d67e2 2019764 libdevel optional libc6-dev-amd64_2.31-0ubuntu9.7_i386.deb 1189560c51d00d3584072e4f020ef374 1975304 libdevel optional libc6-dev-x32_2.31-0ubuntu9.7_i386.deb b5c48953e086fe9a4e9f6d855a089cc2 2315120 libdevel optional libc6-dev_2.31-0ubuntu9.7_i386.deb 9f9d1f92bb19d314c5c890deb9d6876b 1427108 libdevel optional libc6-pic_2.31-0ubuntu9.7_i386.deb 55a668161ad0a5e1ab993b63c2fec6cc 1200084 debian-installer optional libc6-udeb_2.31-0ubuntu9.7_i386.udeb 8b13b6cc74b6f435e556693b19550cb3 10476180 debug optional libc6-x32-dbgsym_2.31-0ubuntu9.7_i386.ddeb 289bf0759640665993fe8520b70235e8 2774056 libs optional libc6-x32_2.31-0ubuntu9.7_i386.deb cc561d306d92b35efcd8ee794852e28b 2572384 libs optional libc6_2.31-0ubuntu9.7_i386.deb 04952e05d3969e27aa1ea929ff35ed69 10581984 localization optional locales-all_2.31-0ubuntu9.7_i386.deb d589201cb0d82837b22a17310e3becb2 302652 debug optional nscd-dbgsym_2.31-0ubuntu9.7_i386.ddeb d27a1a82ad86aff084f2ae672f58bc44 75568 admin optional nscd_2.31-0ubuntu9.7_i386.deb Original-Maintainer: GNU Libc Maintainers Original-Vcs-Browser: https://salsa.debian.org/glibc-team/glibc Original-Vcs-Git: https://salsa.debian.org/glibc-team/glibc.git