Commit b5ee3f3e authored by stskeeps's avatar stskeeps

Merge branch 'master' into 'master'

Upgrade to eglibc_2.19-0ubuntu6.6 (security fixes)

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file
descriptors when resolving DNS queries under high load. This may cause a
denial of service in other applications, or an information leak.
(CVE-2013-7423)

It was discovered that the GNU C Library incorrectly handled receiving a
positive answer while processing the network name when performing DNS
resolution. A remote attacker could use this issue to cause the GNU C
Library to hang, resulting in a denial of service. (CVE-2014-9402)

Joseph Myers discovered that the GNU C Library wscanf function incorrectly
handled memory. A remote attacker could possibly use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2015-1472, CVE-2015-1473)

See merge request !5
parents 8cbb089e a4592580
* Wed Mar 04 2015 Pasi Sjöholm <pasi.sjoholm@jollamobile.com> - 2.19
- Upgrade to eglibc_2.19-0ubuntu6.6
- Fixes CVE-2013-7423, CVE-2014-9402, CVE-2015-1472,
CVE-2015-1473
* Sun Dec 21 2014 Islam Amer <islam.amer@jolla.com> - 2.19
- Remove locale-archive.tmpl generation during build time to save ~100Mb disk space
- Remove build-locale-archive invocation in %post to save a lot of time and disk burn
......
......@@ -9,7 +9,7 @@
Summary: Embedded GLIBC (EGLIBC) is a variant of the GNU C Library (GLIBC)
Name: glibc
Version: 2.19
Release: 6.4
Release: 6.6
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs
......@@ -20,7 +20,7 @@ License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Group: System/Libraries
URL: http://www.eglibc.org/
Source0: https://launchpad.net/ubuntu/+archive/primary/+files/eglibc_2.19.orig.tar.xz
Source1: http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.4.debian.tar.xz
Source1: http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.6.debian.tar.xz
Source11: build-locale-archive.c
# glibc-arm-alignment-fix.patch: safe but probably not needed anymore
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment