Debian Package Tracker

general

source: glibc (optional, misc)
version: 2.24-17
maintainer: GNU Libc Maintainers (archive) [DMD]
uploaders: Samuel Thibault [DMD] – Clint Adams [DMD] – Aurelien Jarno [DMD] – Adam Conrad [DMD]
arch: all any
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 2.19-18+deb8u10
old-sec: 2.19-18+deb8u10
stable: 2.24-11+deb9u1
stable-sec: 2.24-11+deb9u1
testing: 2.24-17
unstable: 2.24-17
exp: 2.25-0experimental3

versioned links

2.19-18+deb8u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.24-11+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.24-17: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25-0experimental1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.25-0experimental3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

glibc-doc
glibc-source
libc-bin
libc-dev-bin
libc-l10n
libc0.1
libc0.1-dbg
libc0.1-dev
libc0.1-dev-i386
libc0.1-i386
libc0.1-pic
libc0.1-udeb
libc0.3
libc0.3-dbg
libc0.3-dev
libc0.3-pic
libc0.3-udeb
libc0.3-xen
libc6
libc6-amd64
libc6-dbg
libc6-dev
libc6-dev-amd64
libc6-dev-i386
libc6-dev-mips32
libc6-dev-mips64
libc6-dev-mipsn32
libc6-dev-powerpc
libc6-dev-ppc64
libc6-dev-s390
libc6-dev-sparc
libc6-dev-sparc64
libc6-dev-x32
libc6-i386
libc6-mips32
libc6-mips64
libc6-mipsn32
libc6-pic
libc6-powerpc
libc6-ppc64
libc6-s390
libc6-sparc
libc6-sparc64
libc6-udeb
libc6-x32
libc6-xen
libc6.1
libc6.1-alphaev67
libc6.1-dbg
libc6.1-dev
libc6.1-pic
libc6.1-udeb
locales
locales-all
multiarch-support
nscd

action needed

Multiarch hinter reports 1 issue(s)

high

There are issues with the multiarch metadata for this package.

libc6 conflicts on /lib/ld.so.1 on mips <-> mipsel

Created: 2017-04-13 Last update: 2017-09-22 01:35

A new upstream version is available: 2.26

high

A new upstream version 2.26 is available, you should consider packaging it.

Created: 2017-08-12 Last update: 2017-09-22 01:20

lintian reports 2 errors and 286 warnings

high

Lintian reports 2 errors and 286 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-06 Last update: 2017-09-21 07:25

3 security issues in sid

high

There are 3 open security issues in sid.

3 important issues:

CVE-2016-10228: The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2017-8804: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
CVE-2017-12132: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

Please fix them.

Created: 2017-03-01 Last update: 2017-09-16 07:26

3 security issues in buster

high

There are 3 open security issues in buster.

3 important issues:

CVE-2016-10228: The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2017-8804: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
CVE-2017-12132: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

Please fix them.

Created: 2017-06-18 Last update: 2017-09-16 07:26

Standards version of the package is outdated.

high

The package is severely out of date with respect to the Debian Policy. The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.0 instead of 3.9.8).

Created: 2017-06-19 Last update: 2017-08-27 07:14

Fails to build during reproducibility testing

normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-04-06 Last update: 2017-09-22 01:32

49 bugs tagged patch in the BTS

normal

The BTS contains patches fixing 49 bugs (55 if counting merged bugs), consider including or untagging them.

Created: 2017-08-12 Last update: 2017-09-22 01:05

6 ignored security issues in jessie

low

There are 6 open security issues in jessie.

6 issues skipped by the security teams:

CVE-2015-5180: res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).
CVE-2016-10228: The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2014-9761: Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.
CVE-2017-8804: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
CVE-2017-12133: The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation.
CVE-2017-12132: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

Please fix them.

Created: 2015-07-12 Last update: 2017-09-16 07:26

4 ignored security issues in stretch

low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2016-10228: The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.
CVE-2017-8804: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted UDP packet to port 111, a related issue to CVE-2017-8779.
CVE-2017-12133: The DNS stub resolver in the GNU C Library (glibc) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attackers due to IP fragmentation.
CVE-2017-12132: The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

Please fix them.

Created: 2017-03-01 Last update: 2017-09-16 07:26

news

[rss feed]

[2017-09-04] glibc 2.24-17 MIGRATED to testing (Debian testing watch)
[2017-08-27] Accepted glibc 2.25-0experimental3 (source) into experimental (Aurelien Jarno)
[2017-08-26] Accepted glibc 2.25-0experimental2 (source) into experimental (Aurelien Jarno)
[2017-08-26] Accepted glibc 2.24-17 (source) into unstable (Aurelien Jarno)
[2017-08-21] Accepted glibc 2.24-16 (source) into unstable (Aurelien Jarno)
[2017-08-20] Accepted glibc 2.25-0experimental1 (source) into experimental (Aurelien Jarno)
[2017-08-20] Accepted glibc 2.24-15 (source) into unstable (Aurelien Jarno)
[2017-08-20] glibc 2.24-14 MIGRATED to testing (Debian testing watch)
[2017-08-02] Accepted glibc 2.25-0experimental0 (source) into experimental (Aurelien Jarno)
[2017-08-01] Accepted glibc 2.24-14 (source) into unstable (Aurelien Jarno)
[2017-07-31] Accepted glibc 2.24-13 (source) into unstable (Aurelien Jarno)
[2017-06-24] Accepted glibc 2.19-18+deb8u10 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Aurelien Jarno)
[2017-06-24] Accepted glibc 2.24-11+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Aurelien Jarno)
[2017-06-22] glibc 2.24-12 MIGRATED to testing (Debian testing watch)
[2017-06-19] Accepted glibc 2.24-12 (source) into unstable (Aurelien Jarno)
[2017-06-04] glibc 2.24-11 MIGRATED to testing (Debian testing watch)
[2017-05-28] Accepted glibc 2.24-11 (source) into unstable (Aurelien Jarno)
[2017-04-28] Accepted glibc 2.19-18+deb8u9 (source all) into proposed-updates->stable-new, proposed-updates (Aurelien Jarno)
[2017-04-26] glibc 2.24-10 MIGRATED to testing (Debian testing watch)
[2017-04-25] Accepted glibc 2.19-18+deb8u8 (source all) into proposed-updates->stable-new, proposed-updates (Aurelien Jarno)
[2017-04-11] Accepted glibc 2.24-10 (source) into unstable (Aurelien Jarno)
[2017-02-02] glibc 2.24-9 MIGRATED to testing (Debian testing watch)
[2017-01-16] Accepted glibc 2.24-9 (source) into unstable (Aurelien Jarno)
[2016-12-16] glibc 2.24-8 MIGRATED to testing (Debian testing watch)
[2016-12-05] Accepted glibc 2.24-8 (source) into unstable (Samuel Thibault)
[2016-12-01] glibc 2.24-7 MIGRATED to testing (Debian testing watch)
[2016-11-27] Accepted glibc 2.19-18+deb8u7 (source all) into proposed-updates->stable-new, proposed-updates (Aurelien Jarno)
[2016-11-26] Accepted glibc 2.24-7 (source) into unstable (Aurelien Jarno)
[2016-11-21] Accepted glibc 2.24-6 (source) into unstable (Aurelien Jarno)
[2016-10-24] glibc 2.24-5 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 444 474
RC: 1
I&N: 283 303
M&W: 160 170
F&P: 0

links

homepage
lintian (2, 286)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.26-0ubuntu1
290 bugs (2 patches)
patches for 2.26-0ubuntu1