Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2231093/?format=api
{ "id": 2231093, "url": "http://patchwork.ozlabs.org/api/patches/2231093/?format=api", "web_url": "http://patchwork.ozlabs.org/project/glibc/patch/3a2b6ed629ccc8bf33644220d58fe3bfc94da09f.1777546194.git.fweimer@redhat.com/", "project": { "id": 41, "url": "http://patchwork.ozlabs.org/api/projects/41/?format=api", "name": "GNU C Library", "link_name": "glibc", "list_id": "libc-alpha.sourceware.org", "list_email": "libc-alpha@sourceware.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<3a2b6ed629ccc8bf33644220d58fe3bfc94da09f.1777546194.git.fweimer@redhat.com>", "list_archive_url": null, "date": "2026-04-30T10:51:58", "name": "[1/5] Update GLIBC-SA-2026-0012 to mention A6 records", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "14087f83658db6c1317d60554f7679a5c8cc95c1", "submitter": { "id": 14312, "url": "http://patchwork.ozlabs.org/api/people/14312/?format=api", "name": "Florian Weimer", "email": "fweimer@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/glibc/patch/3a2b6ed629ccc8bf33644220d58fe3bfc94da09f.1777546194.git.fweimer@redhat.com/mbox/", "series": [ { "id": 502273, "url": "http://patchwork.ozlabs.org/api/series/502273/?format=api", "web_url": "http://patchwork.ozlabs.org/project/glibc/list/?series=502273", "date": "2026-04-30T10:51:34", "name": "Fixes for CVE-2026-5435, CVE-2026-6238", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502273/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2231093/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2231093/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "libc-alpha@sourceware.org" ], "Delivered-To": [ "patchwork-incoming@legolas.ozlabs.org", "libc-alpha@sourceware.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=YCGFr+bW;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=2620:52:6:3111::32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)", "sourceware.org;\n\tdkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=YCGFr+bW", "sourceware.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com", "sourceware.org; spf=pass smtp.mailfrom=redhat.com", "server2.sourceware.org;\n arc=none smtp.remote-ip=170.10.133.124" ], "Received": [ "from vm01.sourceware.org (vm01.sourceware.org\n [IPv6:2620:52:6:3111::32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5rbf40rFz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 20:52:30 +1000 (AEST)", "from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id 7BA664310D7E\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 10:52:28 +0000 (GMT)", "from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.133.124])\n by sourceware.org (Postfix) with ESMTP id 9A5BD436F7FD\n for <libc-alpha@sourceware.org>; Thu, 30 Apr 2026 10:52:03 +0000 (GMT)", "from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-488-xZpkl2fnPfixqCqJ1oQNJg-1; Thu,\n 30 Apr 2026 06:52:02 -0400", "from mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.4])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id 325121800350\n for <libc-alpha@sourceware.org>; Thu, 30 Apr 2026 10:52:01 +0000 (UTC)", "from fweimer-oldenburg.csb.redhat.com (unknown [10.44.48.4])\n by mx-prod-int-01.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with\n ESMTPS\n id 7BAFA300019F\n for <libc-alpha@sourceware.org>; Thu, 30 Apr 2026 10:52:00 +0000 (UTC)" ], "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 sourceware.org 7BA664310D7E", "OpenDKIM Filter v2.11.0 sourceware.org 9A5BD436F7FD" ], "DMARC-Filter": "OpenDMARC Filter v1.4.2 sourceware.org 9A5BD436F7FD", "ARC-Filter": "OpenARC Filter v1.0.0 sourceware.org 9A5BD436F7FD", "ARC-Seal": "i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1777546323; cv=none;\n b=Yef3LXf6Wnb7Vpt5KUDnHTvZA0eVF2brHx9MN5hehhidOH+EmOaqAAJt72L6vNFZT7ju5B/o7om1A/gI7uGtcQI9vqf8fYqKwWeTk/SlWLnwE+rZ49YPFe8duRWeXq6GrtquqZH+Lseru1VB7pM3GoN2et7i8X5rMD+bc/CfUZA=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1777546323; c=relaxed/simple;\n bh=JjWvppBx6PSx15cVvyDa3r366/EpfWW1tWU8xc3bpKs=;\n h=DKIM-Signature:From:To:Subject:Message-ID:Date:MIME-Version;\n b=ACOFK86VEWBECbus/0PDN4118kbfgteQDMjcwM+l3jCNdKVpoYEOYalqaJKXiA+g4RDiKCMbIp7liZMU0DsmdDPVakSPH0JXGQ0N/rgW8loE8E5ckwLXwS94vvY8ZMBJ/G37fJKHX5BELx456HlQ2eDfwYIJR+fY7r6oI9oQO8s=", "ARC-Authentication-Results": "i=1; server2.sourceware.org", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1777546323;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:mime-version:mime-version:content-type:content-type:\n in-reply-to:in-reply-to:references:references;\n bh=mN64txNhqZPugORMmqrnPjd2KPkU4pSpmLEDoAQJgDE=;\n b=YCGFr+bW2fPuk/+c4pwHYsk1NsYNSjTIb3yRaKwOlIKgRq7Bqb+BsVvHze/JH6MnARfHHW\n KmiJw8hhEMJj60g82QuWXMhEczMY0/KlMShfAbVN/pKKonx78T7l94BEnRqFnMiMchoyIC\n fR91fcXyBZocGVH0fbTqtTq1JOL6vLI=", "X-MC-Unique": "xZpkl2fnPfixqCqJ1oQNJg-1", "X-Mimecast-MFC-AGG-ID": "xZpkl2fnPfixqCqJ1oQNJg_1777546321", "From": "Florian Weimer <fweimer@redhat.com>", "To": "libc-alpha@sourceware.org", "Subject": "[PATCH 1/5] Update GLIBC-SA-2026-0012 to mention A6 records", "In-Reply-To": "<cover.1777546194.git.fweimer@redhat.com>", "Message-ID": "\n <3a2b6ed629ccc8bf33644220d58fe3bfc94da09f.1777546194.git.fweimer@redhat.com>", "References": "<cover.1777546194.git.fweimer@redhat.com>", "X-From-Line": "3a2b6ed629ccc8bf33644220d58fe3bfc94da09f Mon Sep 17 00:00:00 2001", "Date": "Thu, 30 Apr 2026 12:51:58 +0200", "User-Agent": "Gnus/5.13 (Gnus v5.13)", "MIME-Version": "1.0", "X-Scanned-By": "MIMEDefang 3.4.1 on 10.30.177.4", "X-Mimecast-Spam-Score": "0", "X-Mimecast-MFC-PROC-ID": "PTp5OC-p7altvGb8NUxIrBvQbfThJi0UDgr1X4ez5P4_1777546321", "X-Mimecast-Originator": "redhat.com", "Content-Type": "text/plain", "X-BeenThere": "libc-alpha@sourceware.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Libc-alpha mailing list <libc-alpha.sourceware.org>", "List-Unsubscribe": "<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>", "List-Archive": "<https://sourceware.org/pipermail/libc-alpha/>", "List-Post": "<mailto:libc-alpha@sourceware.org>", "List-Help": "<mailto:libc-alpha-request@sourceware.org?subject=help>", "List-Subscribe": "<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>", "Errors-To": "libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org" }, "content": "It turns out there is a missing inner length check in it, too.\n\nAlso fix the vulnerable commit. It predates the glibc 2.0 release\nbecause the old stream-based formatting code in resolv/res_debug.c had\nthe same bug in its LOC handling.\n---\n advisories/GLIBC-SA-2026-0012 | 4 ++--\n 1 file changed, 2 insertions(+), 2 deletions(-)", "diff": "diff --git a/advisories/GLIBC-SA-2026-0012 b/advisories/GLIBC-SA-2026-0012\nindex 6f8f00ddd7..926ca16102 100644\n--- a/advisories/GLIBC-SA-2026-0012\n+++ b/advisories/GLIBC-SA-2026-0012\n@@ -2,7 +2,7 @@ Buffer overread in ns_printrrf with corrupted RDATA field\n \n The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the\n GNU C Library version 2.2 and newer fail to validate the RDATA content\n-against the RDATA length in a DNS response when processing LOC, CERT,\n+against the RDATA length in a DNS response when processing A6, CERT, LOC,\n TKEY or TSIG records, which may allow an attacker to craft a DNS\n response, causing a target application to crash or read uninitialized\n memory.\n@@ -15,4 +15,4 @@ interfaces since they may be removed in future versions.\n \n CVE-Id: CVE-2026-6238\n Public-Date: 2026-04-11\n-Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2)\n+Vulnerable-Commit: ee188d555b8c32ad9704a7440cab400af967292f (1.90)\n", "prefixes": [ "1/5" ] }