[Bug 2045763] Re: glibc: Drop the libc-dev dependency on libtirpc-dev

Launchpad Bug Tracker 2045763 at bugs.launchpad.net
Thu Feb 22 20:46:19 UTC 2024 

This bug was fixed in the package glibc - 2.39-0ubuntu1

---------------
glibc (2.39-0ubuntu1) noble; urgency=medium

  * New upstream release
    Contains fixes for the following CVEs:
    - CVE-2023-6246: Heap buffer overflow in __vsyslog_internal()
    - CVE-2023-6779: Heap buffer overflow in __vsyslog_internal()
    - CVE-2023-6780: Integer overflow in __vsyslog_internal()
    Patches:
    - Several patches refreshed
    - d/p/localedata/lv_LV-current.patch: dropped, applied upstream
    - d/p/lp{2031495,2032624}: dropped, applied upstream
    - d/p/any/git-c-utf-8-language.diff: dropped, applied upstream
  * d/p/ubuntu/submitted-tests-gracefully-handle-AppArmor-userns-containment.patch:
    Fix the tests in recent apparmor environments (LP: #2048375)
  * Drop libnss-nis and libnss-nisplus to Suggests (LP: #2045241)
  * Fix Replaces version for libsotruss.so file move (LP: #2042665)
  * Remove libc6-dev dependency on libtirpc-dev (LP: #2045763)
  * Dropped a lot of Ubuntu-specific xfails that are now passing.
  * Drop the -prof variant to instead use frame pointers on all 64-bit
    architectures by default to match the rest of the distro (LP: #2042790)

 -- Simon Chopin <schopin at ubuntu.com>  Thu, 01 Feb 2024 09:44:24 +0100

** Changed in: glibc (Ubuntu)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6246

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6779

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6780

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2045763

Title:
  glibc: Drop the libc-dev dependency on libtirpc-dev

Status in glibc package in Ubuntu:
  Fix Released

Bug description:
  We've carried a dependency on libtirpc-dev in libc-dev ever since the
  RPC support was removed in glibc to ease the transition. However, that
  dependency has been dropped in Debian for a while, so it should be
  relatively safe for us to drop it in Noble without too much of an
  impact in the archive.

  This change will be tested in the upcoming test rebuild.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2045763/+subscriptions

More information about the foundations-bugs mailing list