-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 23:07:28 +0200 Source: glibc Architecture: source Version: 2.36-9+deb12u7 Distribution: bookworm-security Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Aurelien Jarno Changes: glibc (2.36-9+deb12u7) bookworm-security; urgency=medium . * debian/patches/local-CVE-2024-33599-nscd.diff: Fix a stack-based buffer overflow in nscd netgroup cache (CVE-2024-33599). * debian/patches/local-CVE-2024-33600-nscd.diff: Fix a null pointer dereferences in nscd after failed netgroup cache insertion (CVE-2024-33600). * debian/patches/any/local-CVE-2024-33601-33602-nscd.diff: Fix a DoS in nscd in case of memory allocation failure (CVE-2024-33601) and a memory corruption in nscd when the underlying NSS callback function does not use the buffer space to store all strings (CVE-2024-33602). Checksums-Sha1: 91ff0726e08e8d12caa35c5a648b76518933b387 9761 glibc_2.36-9+deb12u7.dsc c0b26a577a964acc2ac13617c36e16e76eac4fd7 862848 glibc_2.36-9+deb12u7.debian.tar.xz 87cda8dc2ec458beca172738e9c1d43157bd08ff 9744 glibc_2.36-9+deb12u7_source.buildinfo Checksums-Sha256: b5e615ea887acb1f16c4fdc83bb50c6ca9d38cde038caa9fe87b26c03076b772 9761 glibc_2.36-9+deb12u7.dsc a9e0dcec7cd82c81d98f4d0652e9c576d5d4801ef8cfb8dfc06277a8977cb5ac 862848 glibc_2.36-9+deb12u7.debian.tar.xz 169f84e9a095e11e74347b73e15334ce369d2579ea591d349c59a125f32d2519 9744 glibc_2.36-9+deb12u7_source.buildinfo Files: a4f4346578f0ff48aa7a5b8c5a0883f2 9761 libs required glibc_2.36-9+deb12u7.dsc 23d8311c9271473aff9f73eda3182ca0 862848 libs required glibc_2.36-9+deb12u7.debian.tar.xz 5be963af6db9724c2d32b082ce1cd2ed 9744 libs required glibc_2.36-9+deb12u7_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEUryGlb40+QrX1Ay4E4jA+JnoM2sFAmYxX4UACgkQE4jA+Jno M2takw/9FO9rt6XSSbK2ysEtnZhA4Mn7Mh4NBzWbIDJ1LGGKZuLqS318BoTI2t7J n0RExSsRRi8OvVPp8nPgEBRZgm/FgpG9DQaLjaZ+KrQaCZfIATy1SStwuvhWob3t hBxrSiU3AXVyk/eixmFrojL5BL7FFWZ49M/h5EDcHLZ0qFv2Ke1O1KE1XnF5lzki Wfs+3S5Gx7q+n5pnKnmoa0Ws9axyVpqmTKjmdgUf1tHvRNHLQiyBi6vCikXlNic0 upMSqod/U4Dkq6GCK0CstXsWaKHywjRGAMQ23GxJibfJ2fdPY6XDFfa2ZnsPArrX Ih+SDYaQS0cgaNys2PyC14m76nCA5QOd6wzZbgG/tKgGZ6EJi6hAE6EM5xMklje1 NwjBxFlUkdJOTgFPBl4vFTyKY+tDZhq6CAQ8x/pnQNKFWmkiDDtVr9V5erObycSK Rx5eQNxv1jl/NdPVe6qCassJCcPKFahosP/Yr3oLubcaFfRjO5hzR/6VkPa9FoOT WEPZWq0RNS05TdyK3cOHIuai+CewvIpF7KqFAN+s3BpoGQfAfM7FjyuuPQxCUp4y jrQE44I498qUbdb6Qt3i8S2nW+ff2KJm4CTkuejfiSJldVYo2K/CiFRCPA9s5CEW aOndiaERz4ThrY26msHa7yDU3VMZkTrYRFucwCsMZomln/sWZ3E= =uLlC -----END PGP SIGNATURE-----