-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 23 Nov 2014 19:03:02 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd
 libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb
 libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb
 libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb
 libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb
 libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64
 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64
 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64
 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64
 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen
 libc0.1-i686 libc0.3-i686 libc0.3-xen libc6.1-alphaev67
 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.3-4+deb6u2
Distribution: squeeze-lts
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc - Embedded GNU C Library: Documentation
 libc-bin - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1 - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3 - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6 - Embedded GNU C Library: Shared libraries
 libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg - Embedded GNU C Library: detached debugging symbols
 libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development libraries for p
 libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM zSeri
 libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for UltraSPAR
 libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic - Embedded GNU C Library: PIC archive library
 libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
 libc6.1 - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
 locales - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd - Embedded GNU C Library: Name Service Cache Daemon
Changes:
 eglibc (2.11.3-4+deb6u2) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2012-6656: Fix validation check when converting from ibm930 to utf.
     When converting IBM930 code with iconv(), if IBM930 code which includes
     invalid multibyte character "0xffff" is specified, then iconv()
     segfaults.
   * CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325]
     These changes are based on the fix for BZ #14134 in commit
     6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
   * CVE-2014-7817: The function wordexp() fails to properly handle the
     WRDE_NOCMD flag when processing arithmetic inputs in the form of
     "$((... ``))" where "..." can be anything valid. The backticks in the
     arithmetic expression are evaluated in a shell even if WRDE_NOCMD
     forbade command substitution.
     This allows an attacker to attempt to pass dangerous commands via
     constructs of the above form, and bypass the WRDE_NOCMD flag. This patch
     fixes this by checking for WRDE_NOCMD in exec_comm(), the only place
     that can execute a shell. All other checks for WRDE_NOCMD are
     superfluous and removed.
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----
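
A defensive caller-side wrapper for the wordexp() issue described under CVE-2014-7817, added here as an example (it is not code from glibc or from the Debian patch). It passes WRDE_NOCMD and also refuses backticks and "$(" before wordexp() is called, so the caller does not depend on the fixed libc being installed; the function name and sample strings are assumptions, and the pre-filter also refuses plain arithmetic expansion.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper (not glibc or Debian code): expand untrusted text
 * without letting a shell run. Returns the word count, or -1 if the input
 * is refused or cannot be expanded. */
int expanded_word_count(const char *input)
{
    wordexp_t we;
    int rc, n;

    /* Do not rely on the libc fix alone: refuse anything that can start a
     * command substitution, including backticks nested in $(( ... )).
     * This deliberately refuses plain arithmetic expansion as well. */
    if (strchr(input, '`') != NULL || strstr(input, "$(") != NULL)
        return -1;

    memset(&we, 0, sizeof we);
    rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc != 0) {
        /* WRDE_CMDSUB means a substitution was requested but forbidden.
         * Only WRDE_NOSPACE can leave partial results that need freeing. */
        if (rc == WRDE_NOSPACE)
            wordfree(&we);
        return -1;
    }
    n = (int)we.we_wordc;
    wordfree(&we);
    return n;
}

int main(void)
{
    /* Constructed sample inputs; the third has the shape the changelog names. */
    const char *samples[] = { "alpha beta", "one", "$((1 + `echo 1`))", "$(echo hi)" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %d\n", samples[i], expanded_word_count(samples[i]));
    return 0;
}
```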