[Git][security-tracker-team/security-tracker][master] Update status for CVE-2026-3904/glibc
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Wed Mar 11 16:34:05 GMT 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7028afc1 by Salvatore Bonaccorso at 2026-03-11T17:33:44+01:00
Update status for CVE-2026-3904/glibc
The change was actually cherry-picked already for glibc/2.36-9 with an
updated git-updates.diff:
* debian/patches/git-updates.diff: update from upstream stable branch:
- Prevent SIGSEGV in the SSE2 version of memcmp when data is concurrently
modified. Closes: #1033931.
Add as well Debian bug reference for the report back in 2023.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,5 +1,5 @@
CVE-2026-3904 [nscd client crash on x86_64 under high nscd load]
- - glibc 2.37-3
+ - glibc 2.36-9 (bug #1033931)
[bullseye] - glibc <not-affected> (Vulnerable code introduced later)
NOTE: https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2026-0004
NOTE: Introduced with: https://sourceware.org/git/?p=glibc.git;a=commit;h=8804157ad9da39631703b92315460808eac86b0c (glibc-2.36)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7028afc189b17f3106e117eef4b60b4da32ef9fa
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7028afc189b17f3106e117eef4b60b4da32ef9fa
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260311/58e91653/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list