[ubuntu/questing-proposed] klibc 2.0.14-1ubuntu1 (Accepted)

Benjamin Drung bdrung at ubuntu.com
Wed Jun 11 09:11:17 UTC 2025


klibc (2.0.14-1ubuntu1) questing; urgency=medium

  * Merge with Debian unstable (LP: #2112018). Remaining changes:
    - SECURITY UPDATE: improper pointer arithmetic
      + debian/patches/CVE-2016-9840.patch: remove offset pointer optimization
        in usr/klibc/zlib/inftrees.c.
      + CVE-2016-9840
    - SECURITY UPDATE: improper pointer arithmetic
      + debian/patches/CVE-2016-9841.patch: remove offset pointer optimization
        in usr/klibc/zlib/inffast.c.
      + CVE-2016-9841
    - SECURITY UPDATE: memory corruption during compression
      + debian/patches/CVE-2018-25032.patch: addresses a bug that can crash
        deflate on rare inputs when using Z_FIXED.
      + CVE-2018-25032
    - SECURITY UPDATE: heap-based buffer over-read
      + debian/patches/CVE-2022-37434-1.patch: adds an extra condition to check
        if state->head->extra_max is greater than len before copying, and moves
        the len assignment to be placed before the check in
        usr/klibc/zlib/inflate.c.
      + debian/patches/CVE-2022-37434-2.patch: in the previous patch, the
        placement of the len assignment was causing issues so it was moved
        within the conditional check.
      + CVE-2022-37434

klibc (2.0.14-1) unstable; urgency=medium

  * New upstream version:
    - parisc: Fix build with Linux 6.10+ (Closes: #1075820)

Date: Wed, 11 Jun 2025 11:05:35 +0200
Changed-By: Benjamin Drung <bdrung at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/klibc/2.0.14-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 11 Jun 2025 11:05:35 +0200
Source: klibc
Built-For-Profiles: noudeb
Architecture: source
Version: 2.0.14-1ubuntu1
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Benjamin Drung <bdrung at ubuntu.com>
Closes: 1075820
Launchpad-Bugs-Fixed: 2112018
Original-Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
Vcs-Git: https://git.launchpad.net/~bdrung/ubuntu/+source/klibc
Vcs-Git-Commit: e728db0a370015a265553a02e52f7eb979a63462
Vcs-Git-Ref: refs/heads/merge-2112018

