
Bug#979273: marked as done (glibc: CVE-2019-25013)



Your message dated Tue, 05 Jan 2021 06:03:36 +0000
with message-id <E1kwfRQ-000DKh-1S@fasolo.debian.org>
and subject line Bug#979273: fixed in glibc 2.31-9
has caused the Debian Bug report #979273,
regarding glibc: CVE-2019-25013
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
979273: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979273
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: glibc
Version: 2.31-7
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=24973
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.28-10

Hi,

The following vulnerability was published for glibc, filing for
tracking in the BTS.

CVE-2019-25013[0]:
| The iconv feature in the GNU C Library (aka glibc or libc6) through
| 2.32, when processing invalid multi-byte input sequences in the EUC-KR
| encoding, may have a buffer over-read.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25013
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25013
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24973
[2] https://sourceware.org/git/?p=glibc.git;a=commit;h=ee7a3144c9922808181009b7b3e50e852fb4999b

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: glibc
Source-Version: 2.31-9
Done: Aurelien Jarno <aurel32@debian.org>

We believe that the bug you reported is fixed in the latest version of
glibc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 979273@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated glibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 05 Jan 2021 06:47:42 +0100
Source: glibc
Architecture: source
Version: 2.31-9
Distribution: unstable
Urgency: medium
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Closes: 968349 979273
Changes:
 glibc (2.31-9) unstable; urgency=medium
 .
   [ Samuel Thibault ]
   * debian/testsuite-xfail-debian.mk: Update tests.
   * debian/patches/hurd-i386/git-mmap_addr.diff: Fix long-running ghc processes.
 .
   [ Aurelien Jarno ]
   * Upload to unstable.
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix a buffer over-read when processing invalid multi-byte input
       sequences in the EUC-KR encoding (CVE-2019-25013).  Closes: #979273.
   * debian/control.in/libc: add a Breaks: against libgegl-0.4-0 (<< 0.4.18).
     Closes: #968349.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
