Commit

Merge branch 'master' into 'master'
Upgrade to eglibc_2.19-0ubuntu6.6 (security fixes)

Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file
descriptors when resolving DNS queries under high load. This may cause a
denial of service in other applications, or an information leak.
(CVE-2013-7423)

It was discovered that the GNU C Library incorrectly handled receiving a
positive answer while processing the network name when performing DNS
resolution. A remote attacker could use this issue to cause the GNU C
Library to hang, resulting in a denial of service. (CVE-2014-9402)

Joseph Myers discovered that the GNU C Library wscanf function incorrectly
handled memory. A remote attacker could possibly use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2015-1472, CVE-2015-1473)

See merge request !5
stskeeps committed Mar 6, 2015
2 parents 8cbb089 + a459258 commit b5ee3f3
Showing 4 changed files with 7 additions and 2 deletions.
Binary file removed eglibc_2.19-0ubuntu6.4.debian.tar.xz
Binary file not shown.
Binary file added eglibc_2.19-0ubuntu6.6.debian.tar.xz
Binary file not shown.
5 changes: 5 additions & 0 deletions glibc.changes
@@ -1,3 +1,8 @@
* Wed Mar 04 2015 Pasi Sjöholm <pasi.sjoholm@jollamobile.com> - 2.19
- Upgrade to eglibc_2.19-0ubuntu6.6
- Fixes CVE-2013-7423, CVE-2014-9402, CVE-2015-1472,
CVE-2015-1473

* Sun Dec 21 2014 Islam Amer <islam.amer@jolla.com> - 2.19
- Remove locale-archive.tmpl generation during build time to save ~100Mb disk space
- Remove build-locale-archive invocation in %post to save a lot of time and disk burn
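Review bot: The new glibc.changes entry names only the target version ("Upgrade to eglibc_2.19-0ubuntu6.6") and a bare list of CVE IDs, so a reader of the package changelog cannot tell that the packaging moved up from 0ubuntu6.4, or which CVEs concern the DNS resolver and which concern wscanf. Suggest wording such as "Upgrade eglibc debian packaging from 2.19-0ubuntu6.4 to 2.19-0ubuntu6.6" plus a short description per CVE, since the descriptions in the commit message do not ship with the package.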
4 changes: 2 additions & 2 deletions glibc.spec
Expand Up @@ -9,7 +9,7 @@
Summary: Embedded GLIBC (EGLIBC) is a variant of the GNU C Library (GLIBC)
Name: glibc
Version: 2.19
Release: 6.4
Release: 6.6

# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
# Things that are linked directly into dynamically linked programs
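Review bot: The changed line "Release: 6.6" repeats by hand the Ubuntu revision that also appears in the Source1 file name, so the two values can drift apart on the next upgrade. Consider defining the revision once as a spec macro and using it in both Release and Source1.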
Expand All @@ -20,7 +20,7 @@ License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Group: System/Libraries
URL: http://www.eglibc.org/
Source0: https://launchpad.net/ubuntu/+archive/primary/+files/eglibc_2.19.orig.tar.xz
Source1: http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.4.debian.tar.xz
Source1: http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.6.debian.tar.xz
Source11: build-locale-archive.c

# glibc-arm-alignment-fix.patch: safe but probably not needed anymore
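Review bot: The updated Source1 line still points at a plain http:// URL, and nothing in this hunk records a checksum or signature for eglibc_2.19-0ubuntu6.6.debian.tar.xz, so the integrity of a security-fix tarball rests entirely on the binary committed alongside the spec. Suggest recording the SHA-256 of the tarball, checked against Ubuntu's signed .dsc for this version, in the commit or changelog, and using an https URL where the mirror offers one.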
