[Bug 2042790] Re: libc6-prof description should say what profiling features are present

Launchpad Bug Tracker 2042790 at bugs.launchpad.net
Thu Feb 22 20:46:19 UTC 2024 

This bug was fixed in the package glibc - 2.39-0ubuntu1

---------------
glibc (2.39-0ubuntu1) noble; urgency=medium

  * New upstream release
    Contains fixes for the following CVEs:
    - CVE-2023-6246: Heap buffer overflow in __vsyslog_internal()
    - CVE-2023-6779: Heap buffer overflow in __vsyslog_internal()
    - CVE-2023-6780: Integer overflow in __vsyslog_internal()
    Patches:
    - Several patches refreshed
    - d/p/localedata/lv_LV-current.patch: dropped, applied upstream
    - d/p/lp{2031495,2032624}: dropped, applied upstream
    - d/p/any/git-c-utf-8-language.diff: dropped, applied upstream
  * d/p/ubuntu/submitted-tests-gracefully-handle-AppArmor-userns-containment.patch:
    Fix the tests in recent apparmor environments (LP: #2048375)
  * Drop libnss-nis and libnss-nisplus to Suggests (LP: #2045241)
  * Fix Replaces version for libsotruss.so file move (LP: #2042665)
  * Remove libc6-dev dependency on libtirpc-dev (LP: #2045763)
  * Dropped a lot of Ubuntu-specific xfails that are now passing.
  * Drop the -prof variant to instead use frame pointers on all 64-bit
    architectures by default to match the rest of the distro (LP: #2042790)

 -- Simon Chopin <schopin at ubuntu.com>  Thu, 01 Feb 2024 09:44:24 +0100

** Changed in: glibc (Ubuntu Noble)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6246

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6779

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6780

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/2042790

Title:
  libc6-prof description should say what profiling features are present

Status in glibc package in Ubuntu:
  Fix Released
Status in glibc source package in Noble:
  Fix Released

Bug description:
  We have a libc6-prof package in the archive whose only addition to the
  base description is:

   This package contains all libraries compiled for profiling.

  This is opaque and doesn't explain at all what profiling features are
  enabled.

  My understanding is that the key feature here is the use of -fno-omit-
  frame-pointer.  But the package description should say.

  'apt search omit-frame' returns no results, it would be good to fix it
  so it did.  Putting this in the package description would achieve
  that.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/2042790/+subscriptions

More information about the foundations-bugs mailing list