glibc 2.31-0ubuntu9.7 source package in Ubuntu
Changelog
glibc (2.31-0ubuntu9.7) focal-security; urgency=medium * SECURITY UPDATE: infinite loop in iconv - debian/patches/any/CVE-2016-10228-1.patch: rewrite iconv option parsing in iconv/Makefile, iconv/Versions, iconv/gconv_charset.c, iconv/gconv_charset.h, iconv/gconv_int.h, iconv/gconv_open.c, iconv/iconv_open.c, iconv/iconv_prog.c, iconv/tst-iconv-opt.c, iconv/tst-iconv_prog.sh, intl/dcigettext.c. - debian/patches/any/CVE-2016-10228-2.patch: handle translation output codesets with suffixes in iconv/Versions, iconv/gconv_charset.c, iconv/gconv_charset.h, iconv/gconv_int.h, iconv/iconv_open.c, iconv/iconv_prog.c, intl/dcigettext.c, intl/tst-codeset.c. - CVE-2016-10228 * SECURITY UPDATE: buffer over-read in iconv - debian/patches/any/CVE-2019-25013.patch: fix buffer overrun in EUC-KR conversion module in iconvdata/bug-iconv13.c, iconvdata/euc-kr.c, iconvdata/ksc5601.h. - CVE-2019-25013 * SECURITY UPDATE: another infinite loop in iconv - debian/patches/any/CVE-2020-27618.patch: fix issue in iconv/tst-iconv_prog.sh, iconvdata/ibm1364.c. - CVE-2020-27618 * SECURITY UPDATE: DoS via assert in iconv - debian/patches/any/CVE-2020-29562.patch: fix incorrect UCS4 inner loop bounds in iconv/Makefile, iconv/gconv_simple.c, iconv/tst-iconv8.c. - CVE-2020-29562 * SECURITY UPDATE: signed comparison issue in ARMv7 memcpy - debian/patches/any/CVE-2020-6096-pre1.patch: add support_blob_repeat_allocate_shared in support/blob_repeat.c, support/blob_repeat.h, support/tst-support_blob_repeat.c. - debian/patches/any/CVE-2020-6096-1.patch: add test case in string/Makefile, string/tst-memmove-overflow.c. - debian/patches/any/CVE-2020-6096-2.patch: mark test as as XFAIL in string/tst-memmove-overflow.c, sysdeps/arm/Makefile. - debian/patches/any/CVE-2020-6096-3.patch: fix memcpy and memmove for negative length in sysdeps/arm/memcpy.S, sysdeps/arm/memmove.S. - debian/patches/any/CVE-2020-6096-4.patch: fix multiarch memcpy for negative length in sysdeps/arm/armv7/multiarch/memcpy_impl.S. - debian/patches/any/CVE-2020-6096-5.patch: remove string/tst-memmove-overflow XFAIL in sysdeps/arm/Makefile. - CVE-2020-6096 * SECURITY UPDATE: double-free in nscd - debian/patches/any/CVE-2021-27645.patch: track live allocation better in nscd/netgroupcache.c. - CVE-2021-27645 * SECURITY UPDATE: assertion fail in iconv - debian/patches/any/CVE-2021-3326.patch: fix assertion failure in ISO-2022-JP-3 module in iconvdata/Makefile, iconvdata/bug-iconv14.c, iconvdata/iso-2022-jp-3.c. - CVE-2021-3326 * SECURITY UPDATE: overflow in wordexp via crafted pattern - debian/patches/any/CVE-2021-35942.patch: handle overflow in positional parameter number in posix/wordexp-test.c, posix/wordexp.c. - CVE-2021-35942 * SECURITY UPDATE: Off-by-one buffer overflow/underflow in getcwd() - debian/patches/any/CVE-2021-3999.patch: set errno to ERANGE for size == 1 in sysdeps/posix/getcwd.c. - CVE-2021-3999 * SECURITY UPDATE: DoS via long svcunix_create path argument - debian/patches/any/CVE-2022-23218-pre1.patch: add the __sockaddr_un_set function in include/sys/un.h, socket/Makefile, socket/sockaddr_un_set.c, socket/tst-sockaddr_un_set.c. - debian/patches/any/CVE-2022-23218.patch: fix buffer overflow in sunrpc/svc_unix.c. - CVE-2022-23218 * SECURITY UPDATE: DoS via long clnt_create hostname argument - debian/patches/any/CVE-2022-23219.patch: fix buffer overflow in sunrpc/clnt_gen.c. - CVE-2022-23219 * debian/rules.d/build.mk: build with --with-default-link=no. * This package does _NOT_ contain the changes from (2.31-0ubuntu9.5) in focal-proposed. -- Marc Deslauriers <email address hidden> Thu, 24 Feb 2022 14:42:40 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
glibc_2.31.orig.tar.xz | 16.5 MiB | 2b22c7b04a36747d6c74796a73193a6f8856bfd1efc551b5db96baefa053fe5e |
glibc_2.31-0ubuntu9.7.debian.tar.xz | 850.1 KiB | b6cb39b8e2b8d91dac7885fa71a0eb9a7935d9dc6815c18222632612d40f74f4 |
glibc_2.31-0ubuntu9.7.dsc | 9.3 KiB | 4b8fac4696fae5bf4625c573415aad26a3c603258284b9fde293dc742ac5dae8 |
Available diffs
Binary packages built by this source
- glibc-doc: GNU C Library: Documentation
Contains man pages for libpthread functions and the complete GNU C Library
ChangeLog. The GNU C Library Reference manual has been moved into
glibc-doc-reference for licensing reasons.
- glibc-source: GNU C Library: sources
This package contains the sources and patches which are needed to
build glibc.
- libc-bin: GNU C Library: Binaries
This package contains utility programs related to the GNU C Library.
.
* catchsegv: catch segmentation faults in programs
* getconf: query system configuration variables
* getent: get entries from administrative databases
* iconv, iconvconfig: convert between character encodings
* ldd, ldconfig: print/configure shared library dependencies
* locale, localedef: show/generate locale definitions
* tzselect, zdump, zic: select/dump/compile time zones
- libc-bin-dbgsym: debug symbols for libc-bin
- libc-dev-bin: GNU C Library: Development binaries
This package contains utility programs related to the GNU C Library
development package.
- libc-dev-bin-dbgsym: debug symbols for libc-dev-bin
- libc6: GNU C Library: Shared libraries
Contains the standard libraries that are used by nearly all programs on
the system. This package includes shared versions of the standard C library
and the standard math library, as well as many others.
- libc6-amd64: GNU C Library: 64bit Shared libraries for AMD64
This package includes shared versions of the standard C library and the
standard math library, as well as many others. This is the 64bit version
of the library, meant for AMD64 systems.
- libc6-amd64-dbgsym: debug symbols for libc6-amd64
- libc6-armel: GNU C Library: ARM softfp shared libraries for armhf
This package includes shared versions of the standard C
library and the standard math library, as well as many others.
This is the ARM softfp version of the library, meant for armhf systems.
- libc6-armel-dbgsym: debug symbols for libc6-armel
- libc6-dbg: GNU C Library: detached debugging symbols
This package contains the detached debugging symbols for the GNU C
library.
- libc6-dev: GNU C Library: Development Libraries and Header Files
Contains the symlinks, headers, and object files needed to compile
and link programs which use the standard C library.
- libc6-dev-amd64: GNU C Library: 64bit Development Libraries for AMD64
Contains the symlinks and object files needed to compile and link programs
which use the standard C library. This is the 64bit version of the
library, meant for AMD64 systems.
- libc6-dev-armel: GNU C Library: ARM softfp development libraries for armhf
Contains the symlinks and object files needed to compile and link programs
which use the standard C library. This is the ARM softfp version of the
library, meant for armhf systems.
- libc6-dev-i386: GNU C Library: 32-bit development libraries for AMD64
Contains the symlinks and object files needed to compile and link programs
which use the standard C library. This is the 32bit version of the
library, meant for AMD64 systems.
- libc6-dev-s390: GNU C Library: 32bit Development Libraries for IBM zSeries
Contains the symlinks and object files needed to compile and link programs
which use the standard C library. This is the 32bit version of the
library.
- libc6-dev-x32: GNU C Library: X32 ABI Development Libraries for AMD64
Contains the symlinks and object files needed to compile and link programs
which use the standard C library. This is the X32 ABI version of the
library, meant for amd64 systems.
- libc6-i386: GNU C Library: 32-bit shared libraries for AMD64
This package includes shared versions of the standard C
library and the standard math library, as well as many others.
This is the 32bit version of the library, meant for AMD64 systems.
- libc6-i386-dbgsym: debug symbols for libc6-i386
- libc6-lse: Dummy package.
This package used to contain libraries optimized to support the "large
system extensions", but such support is now contained in the base libraries
in a way that works on all systems. This package is empty and can safely be
removed.
- libc6-pic: GNU C Library: PIC archive library
Contains an archive library (ar file) composed of individual shared objects.
This is used for creating a library which is a smaller subset of the
standard libc shared library. The reduced library is used by debian-installer
and may be useful for custom installation media and in embedded systems.
- libc6-prof: GNU C Library: Shared Libraries
Contains the standard libraries that are used by nearly all programs on
the system. This package includes shared versions of the standard C library
and the standard math library, as well as many others.
.
This package contains all libraries compiled for profiling.
- libc6-s390: GNU C Library: 32bit Shared libraries for IBM zSeries
This package includes shared versions of the standard C library and the
standard math library, as well as many others. This is the 32bit version
of the library.
- libc6-s390-dbgsym: debug symbols for libc6-s390
- libc6-udeb: GNU C Library: Shared libraries - udeb
Contains the standard libraries that are used by nearly all programs on
the system. This package includes shared versions of the standard C library
and the standard math library, as well as many others.
.
This package contains a minimal set of libraries needed for the Debian
installer. Do not install it on a normal system.
- libc6-x32: GNU C Library: X32 ABI Shared libraries for AMD64
This package includes shared versions of the standard C library and the
standard math library, as well as many others. This is the X32 ABI version
of the library, meant for AMD64 systems.
- libc6-x32-dbgsym: debug symbols for libc6-x32
- locales: GNU C Library: National Language (locale) data [support]
Machine-readable data files, shared objects and programs used by the
C library for localization (l10n) and internationalization (i18n) support.
.
This package contains tools to generate locale definitions from source
files (included in this package). It allows you to customize which
definitions actually get generated. This is a space-saver over how this
package used to be, with all locales generated by default. This created
a package that unpacked to an excess of 30 megs.
- locales-all: GNU C Library: Precompiled locale data
This package contains the precompiled locale data for all supported locales.
A better alternative is to install the locales package and only select
desired locales, but it can be useful on a low-memory machine because some
locale files take a lot of memory to be compiled.
- nscd: GNU C Library: Name Service Cache Daemon
A daemon which handles passwd, group and host lookups
for running programs and caches the results for the next
query. You should install this package only if you use
slow services like LDAP, NIS or NIS+.
- nscd-dbgsym: debug symbols for nscd