touch-packages team mailing list archive

Thread
Date

[Bug 1362409] Re: please fix CVE-2014-5119

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1362409@xxxxxxxxxxxxxxxxxx>
Date: Thu, 28 Aug 2014 19:26:12 -0000
Reply-to: Bug 1362409 <1362409@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package eglibc - 2.19-0ubuntu6.3

---------------
eglibc (2.19-0ubuntu6.3) trusty; urgency=medium

  * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
    - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
      completely remove support for loadable gconv transliteration modules.
 -- Adam Conrad <adconrad@xxxxxxxxxx>   Wed, 27 Aug 2014 22:19:15 -0600

** Changed in: eglibc (Ubuntu Lucid)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/1362409

Title:
  please fix CVE-2014-5119

Status in “eglibc” package in Ubuntu:
  Won't Fix
Status in “glibc” package in Ubuntu:
  In Progress
Status in “eglibc” source package in Lucid:
  Fix Released
Status in “eglibc” source package in Precise:
  Fix Released
Status in “eglibc” source package in Trusty:
  Fix Released
Status in “eglibc” source package in Utopic:
  Won't Fix
Status in “glibc” source package in Utopic:
  In Progress

Bug description:
  http://www.openwall.com/lists/oss-security/2014/08/26/2

  https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/1362409/+subscriptions

References

[Bug 1362409] [NEW] please fix CVE-2014-5119
From: Jamie Strandboge, 2014-08-28