From: Raspbian automatic forward porter <root@raspbian.org>
Date: Tue, 6 Feb 2024 22:41:46 +0000 (+0000)
Subject: Merge version 2.36-9+rpi1+deb12u3 and 2.36-9+deb12u4 to produce 2.36-9+rpi1+deb12u4
X-Git-Tag: archive/raspbian/2.36-9+rpi1+deb12u4
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2324c819354eac00f4713b076f43bf25d4f0b774;p=glibc.git

Merge version 2.36-9+rpi1+deb12u3 and 2.36-9+deb12u4 to produce 2.36-9+rpi1+deb12u4
---

9d306d9fe946b55d091c29ccdbdd72740bd261de
diff --cc debian/changelog
index 9b77ee91c,8e1ee8815..fa7e3d9f1
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,12 -1,15 +1,25 @@@
- glibc (2.36-9+rpi1+deb12u3) bookworm-staging; urgency=medium
++glibc (2.36-9+rpi1+deb12u4) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 2.25-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Wed, 29 Nov 2017 03:00:21 +0000]
 +  * Disable testsuite.
 +
 +  [changes brought forward from 2.35-1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Sun, 02 Oct 2022 17:46:25 +0000]
 +  * Remove valgrind breaks.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Wed, 04 Oct 2023 15:52:45 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Tue, 06 Feb 2024 22:41:45 +0000
++
+ glibc (2.36-9+deb12u4) bookworm-security; urgency=medium
+ 
+   * debian/patches/any/local-CVE-2023-6246.patch: Fix a heap buffer overflow
+     in __vsyslog_internal (CVE-2023-6246).
+   * debian/patches/any/local-CVE-2023-6779.patch: Fix an off-by-one heap
+     buffer overflow in __vsyslog_internal (CVE-2023-6779).
+   * debian/patches/any/local-CVE-2023-6780.patch: Fix an integer overflow in
+     __vsyslog_internal (CVE-2023-6780).
+   * debian/patches/any/local-qsort-memory-corruption.patch: Fix a memory
+     corruption in qsort() when using nontransitive comparison functions.
+ 
+  -- Aurelien Jarno <aurel32@debian.org>  Tue, 23 Jan 2024 21:57:06 +0100
  
  glibc (2.36-9+deb12u3) bookworm-security; urgency=medium
  
diff --cc debian/patches/series
index bbe8307fb,51dbb4dd8..3982018e2
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -106,4 -120,7 +106,8 @@@ any/local-cross.patc
  any/git-floatn-gcc-13-support.diff
  any/local-disable-tst-bz29951.diff
  any/local-CVE-2023-4911.patch
+ any/local-CVE-2023-6246.patch
+ any/local-CVE-2023-6779.patch
+ any/local-CVE-2023-6780.patch
+ any/local-qsort-memory-corruption.patch
 +auto-2.34-7+rpi1-de346af12a6cb5181ed2ab174fb35c88f3b64f4b-1663212931