← Back to team overview

registry team mailing list archive

[Bug 615953] Re: busybox sed core dump

 

This bug was fixed in the package eglibc - 2.12.1-0ubuntu11

---------------
eglibc (2.12.1-0ubuntu11) natty; urgency=low

  * Update to the eglibc 2.12 branch (r12365).
    - Fix alignment of AVX safe area on x86_64, issue #12113. LP: #662511.
    - Fix issue #12159, x86-64 strchr propagation of search byte into all bytes
      of SSE register. (LP: #615953)
    - any/cvs-audit-suid.diff, any/cvs-getlogin_r-error-handling-1.patch,
      any/cvs-getlogin_r-error-handling-2.patch, any/cvs-issue12092.diff,
      any/cvs-getlogin_r-error-handling-3.patch, any/cvs-issue12113.diff,
      any/cvs-issue11968.diff: Remove, merged upstream.
    - any/cvs-dst-expansion-fix.diff, any/submitted-etc-resolv.conf.diff,
      locale/locale-print-LANGUAGE.diff: Updated.

  * Sort changelog entries with bzr-builddeb's merge_changelog to help merging
    with Debian; update Debian changelog entries to their latest version, and
    drop Debian changelog entries which aren't in the unstable changelog; this
    keeps the diff between Debian unstable's changelog and Ubuntu's changelog
    minimal (only Ubuntu entries) and makes it easier to review new Debian
    changes.
  * Copy binutils [mips mipsel] build-dep to minimize delta with Debian's
    build-deps.
  * Drop Vcs-Bzr; this package is now maintained in lp:ubuntu/eglibc.
  * Drop version in texinfo build-dep; this is satisfied even in dapper.
  * Move belocs-locales-bin conflicts around to lower the diff with Debian's
    control.
  * Copy Debian's libc6-dev-i386 Conflicts with libc6-i386 (<= 2.9-18) for
    some older upgrades; this seems to apply to Ubuntu as well, and reduces
    the delta with Debian just a bit.  libc6-dev-i386 is not a commonly
    installed package, and this is satisfied in lucid and later anyway, so it
    shouldn't make upgrades harder, except if people use backports.
  * Drop debian/control.in/libc0.1, libc0.3, libc6, and libc6.1 (these are
    automatically generated) after confirming that generating them results in
    the same data.
  * Drop debian/debhelper.in/glibc-doc.docs; ChangeLog* is already listed in
    debian/debhelper.in/glibc-doc.install.
  * Drop debian/debhelper.in/libc-alt-dev.postinst as it only helps powerpc
    upgrades from dapper versions which aren't supported on powerpc anymore.
  * debian/debhelper.in/libc.postinst: drop inconsistent quotes around 2.12.
  * debian/local/manpages/gencat.1, iconvconfig.8, mtrace.1: revert differing
    RCS timestamps.
  * debian/patches/series: drop reference to changelog version with respect to
    local-ipv6-lookup.diff as the reference is bogus.
  * Drop debian/patches/alpha/submitted-getsysstats.diff,
    submitted-includes.diff, submitted-lowlevellock.diff,
    submitted-procfs_h.diff; these should have been dropped in earlier merges
    as they are not applied anymore and were dropped from Debian.
  * Drop commented-out hppa/* lines from patches/series to be consistent with
    how other arches were handled.
  * debian/sysdeps/amd64.mk: symlink ld-linux with the same rune as Debian.
  * Drop changes to debian/sysdeps/hurd.mk; Ubuntu doesn't build for Hurd.
  * Remove debian/wrapper/objcopy; was dropped in Debian already.
  * Add debian/ubuntu-changes trying to document all Debian -> Ubuntu
    changes, albeit some remain obscure.
  * Merge Debian 2.11.2-3.
    - Drop new sparc/hurd/kfreebsd etc. patches from series.
    - Replace any/submitted-etc-resolv.conf.diff by upstream version
      patches/any/cvs-etc-resolv.conf.diff.
    - Remaining changes are listed in debian/ubuntu-changes.
    - Prefix "Embedded" to binary packages' short descriptions;
      Debian #587586.
    - debian/control.in/libc: conflicts with prelink (<< 0.0.20090925) as
      earlier versions corrupts libc 2.11+ libraries; Debian #593966.
    - Look for apache2.2-common instead of apache2-common in nsscheck;
      Debian #586527.
    - Always try to restart init when needed, and ignore the possible errors;
      Debian #588922, #590175.
    - Add localedata/locale-tt_RU.diff from upstream to fix the name of the
      tt_RU.UTF-8@iqtelif locale; Debian #588478.
    - Update Galician debconf translation, by Jorge Barreiro; Debian #592807.
  * debian/control.in/opt, debian/control: Use ${binary:Version} instead of
    ${Source-Version} for sparc flavors.
  * Merge Debian 2.11.2-4.
    - Drop new patches/hurd-i386/submitted-sched_param.diff from series.
    - Remove manpages now provided by manpages-dev; Debian #595194);
      LP: #669361.
  * Merge Debian 2.11.2-5.
    - Replace any/cvs-etc-resolv.conf.diff with previous version
      any/submitted-etc-resolv.conf.diff; Debian #595269.
    - Update any/cvs-sunrpc-license.diff from upstream.
  * Merge Debian 2.11.2-6.
    - Update Arabic debconf translation, by Ossama Khayat; Debian #596161.
    - update-locale: if LANGUAGE is not compatible with the selected default
      locale, emit a warning and disable it instead of failing;
      Debian #596695.
    - Add armhf support; Debian #596804.
    - any/submitted-resolv.conf-thread.diff: new patch to correctly reload
      resolv.conf for all threads; Debian #596499.
  * Merge Debian 2.11.2-7.
    - Update Portuguese debconf translation, by Pedro Ribeiro; Debian #597348.
    - Don't add any/submitted-origin.diff as we have
      any/dst-expansion-fix.diff already.
    - Add any/cvs-audit-suid.diff to only load SUID audit objects in SUID
      binaries. Fix CVE-2010-3847. Debian #600667.
    - Update Catalan debconf translation, by Jordi Mallach; Debian #601085.
    - Update Vietnamese debconf translation, by Clytie Siddall;
      Debian #601531.
    - Add arm/local-sigaction.diff to match sigaction with SA_RESTORER
      behaviour with other architectures; Debian #595403.

  [ Matthias Klose ]
  * any/cvs-at-pagesize.diff: Don't assume AT_PAGESIZE is always available.
    LP: #672352.
  * Remove po/header.pot file. LP: #670678.
  * On ARM, use the atomic builtins provided by GCC (Ken Werner). LP: #643171.
  * Build using GCC-4.5.

  [ Kees Cook ]
  * Rearrange recent security patches:
    - disable-ld_audit.diff:
      - should live in patches/ubuntu for now.
      - updated comments to include CVE-2010-3856.
    - any/dst-expansion-fix.diff renamed to any/cvs-dst-expansion-fix.diff.
    - series updated to move upstream fixes out of Ubuntu-specific section.
 -- Matthias Klose <doko@xxxxxxxxxx>   Tue, 21 Dec 2010 20:35:36 +0100

** Changed in: eglibc (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3847

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3856

-- 
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Fedora.
https://bugs.launchpad.net/bugs/615953

Title:
  busybox sed core dump