Changelog
eglibc (2.13-38+deb7u10) wheezy-security; urgency=medium
[ Aurelien Jarno ]
* patches/any/cvs-strftime.diff: new patch from upstream to fix
segmentation fault caused by passing out-of-range data to strftime()
(CVE-2015-8776). Closes: #812445.
* patches/any/cvs-hcreate.diff: new patch from upstream to fix an integer
overflow in hcreate() and hcreate_r() (CVE-2015-8778). Closes: #812441.
* patches/any/cvs-catopen.diff: new patch from upstream to fix multiple
unbounded stack allocations in catopen() (CVE-2015-8779). Closes:
#812455.
* patches/any/cvs-gethostbyname4-memory-leak.diff: new patch from
upstream to fix a memory leak in _nss_dns_gethostbyname4_r with big
DNS answers.
* patches/any/local-CVE-2015-7547.diff: new patch to fix glibc getaddrinfo
stack-based buffer overflow (CVE-2015-7547).
-- Aurelien Jarno <email address hidden> Thu, 11 Feb 2016 23:11:53 +0100