{"id":2224713,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2224713/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/patch/20260417211448.2762539-1-carlos@redhat.com/","project":{"id":41,"url":"http://patchwork.ozlabs.org/api/1.1/projects/41/?format=json","name":"GNU C Library","link_name":"glibc","list_id":"libc-alpha.sourceware.org","list_email":"libc-alpha@sourceware.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260417211448.2762539-1-carlos@redhat.com>","date":"2026-04-17T21:14:38","name":"[COMMITTED] advisories: Update GLIBC-SA-2026-0007.","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"e4f234cac0c41d728d39677c82509626377508e7","submitter":{"id":22438,"url":"http://patchwork.ozlabs.org/api/1.1/people/22438/?format=json","name":"Carlos O'Donell","email":"carlos@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/glibc/patch/20260417211448.2762539-1-carlos@redhat.com/mbox/","series":[{"id":500403,"url":"http://patchwork.ozlabs.org/api/1.1/series/500403/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/list/?series=500403","date":"2026-04-17T21:14:38","name":"[COMMITTED] advisories: Update GLIBC-SA-2026-0007.","version":1,"mbox":"http://patchwork.ozlabs.org/series/500403/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2224713/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2224713/checks/","tags":{},"headers":{"Return-Path":"<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>","X-Original-To":["incoming@patchwork.ozlabs.org","libc-alpha@sourceware.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","libc-alpha@sourceware.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=gFFHsz0D;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=2620:52:6:3111::32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)","sourceware.org;\n\tdkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=gFFHsz0D","sourceware.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com","sourceware.org; spf=pass smtp.mailfrom=redhat.com","server2.sourceware.org;\n arc=none smtp.remote-ip=170.10.133.124"],"Received":["from vm01.sourceware.org (vm01.sourceware.org\n [IPv6:2620:52:6:3111::32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fy72K3d42z1yCv\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 18 Apr 2026 07:15:21 +1000 (AEST)","from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id 8E8274D108F2\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 17 Apr 2026 21:15:19 +0000 (GMT)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.133.124])\n by sourceware.org (Postfix) with ESMTP id ECF034CCCA23\n for <libc-alpha@sourceware.org>; Fri, 17 Apr 2026 21:14:59 +0000 (GMT)","from mail-qk1-f199.google.com (mail-qk1-f199.google.com\n [209.85.222.199]) by relay.mimecast.com with ESMTP with STARTTLS\n (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id\n us-mta-88-ca_HjZ8rOk2zOZfLAaeB9g-1; Fri, 17 Apr 2026 17:14:58 -0400","by mail-qk1-f199.google.com with SMTP id\n af79cd13be357-8d5107ec672so312018185a.0\n for <libc-alpha@sourceware.org>; Fri, 17 Apr 2026 14:14:58 -0700 (PDT)","from codonell-thinkpadp16vgen1.rmtcaon.csb ([198.48.244.52])\n by smtp.gmail.com with ESMTPSA id\n af79cd13be357-8e7d69ae320sm245919785a.20.2026.04.17.14.14.55\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 17 Apr 2026 14:14:56 -0700 (PDT)"],"DKIM-Filter":["OpenDKIM Filter v2.11.0 sourceware.org 8E8274D108F2","OpenDKIM Filter v2.11.0 sourceware.org ECF034CCCA23"],"DMARC-Filter":"OpenDMARC Filter v1.4.2 sourceware.org ECF034CCCA23","ARC-Filter":"OpenARC Filter v1.0.0 sourceware.org ECF034CCCA23","ARC-Seal":"i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1776460500; cv=none;\n b=TgcgPOLLE+8Y885lmWz+Bh4S8jxWr0czcrXu7QuCdHsRz4PwN1OZXEFqae2dJ7QOvgce/AlJa1GT5JFWz8+eGogpw6Z55ZyCFup+N6hVpsnVIDEogk7wevZY+NDdH/ZBMN4kOQbiLF6QPkhRQCZFsSX710Orny7/I84Ivuprq6A=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1776460500; c=relaxed/simple;\n bh=qpYwOLQgsFOAC63T3uNJ3pOOLbwD1d33CPk+QRPhdjw=;\n h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version;\n b=jMMi5pdhvLlAd2mSi4v97IqGgK3uIqvC+VC69xbyLSGNoplszYFkpS9aqJHBzxIz6JNMTZmPQw4G7eSM+8b8bfDB4ermeGtNrj8v4qo/M4DVcnLubvTgftgfLkNE4dEFFfsw8sQNrRCBPWxbvgSZ53kTZ2du9kvlj8E13nQOFc8=","ARC-Authentication-Results":"i=1; server2.sourceware.org","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1776460499;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:cc:mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=bbL9Gw3XP/bbhnJivnUZOqt8yJ6sPen06ygSTLQ4f4Y=;\n b=gFFHsz0DNZSXCn9Lj3wVb0BNh0GPoTBih6O1mqsYRPUVr0bWf+GEia4glmMG8KhCqMnBBi\n ZKIE9PI6G1orBy3di/YAO+ShzvVJquk5xKwQ2h99Qy5tXbjifZCplRsarB67/JG9Jw9KtU\n ceXYyBd45igXb1oHjZr6WtEjw98hXvQ=","X-MC-Unique":"ca_HjZ8rOk2zOZfLAaeB9g-1","X-Mimecast-MFC-AGG-ID":"ca_HjZ8rOk2zOZfLAaeB9g_1776460498","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776460497; x=1777065297;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=bbL9Gw3XP/bbhnJivnUZOqt8yJ6sPen06ygSTLQ4f4Y=;\n b=LDoUbDpG1gLITTIOSn53F6xOkaIxs4EVFe/1ohhzZ0aP/kwbz/rb2X5NqMZjvYxOMe\n Iw6TUP0Owaelev6Mz1Q46JAcyvAGarL2ET+EZUayMHDnguS7hYc/SxUTpcR3WIsUr65D\n MbxSmiVAdoChcC1jP8YH92M9gEoAP7KWkr4TkMVdJHKhZu4YZKpIsSk/jD6KHr3NHXz1\n rPzzbYANF75GrdL7UVDbGNCTc8N4iRH/or24VUcCrSRiPCvGKhL+6KcabEtbdtwmvjdR\n frl1BpVDOTeoIZtjf4SFRXB5Yy6gu/R01CZ9LRPEUrQvwZNqtI8aspudYK0CBikXx5OY\n WgTA==","X-Gm-Message-State":"AOJu0Yz14CDdOYFbi9qFwZze1i5h7e+5Kni4eWg2KdV6J/v1bQ7ixnEH\n EqZqz/sSpZK6gwcmIg7KQvwd+Ig7l0BW8mKa+G3aJnRUc2y5eysGLZ2ZsBCAn8onkFUuXJpy/w7\n Uf+HOmBvlMVrfQwTt9qWtdvwHXi6jScDfaVvtLOdVQmBbQ97lXLPBGiIf1XJXHb0udCHDLkCUp8\n cJMNM7lbw3klsCwSVXYtP34LMvcgcxa2YtjY8CBJKUgTc=","X-Gm-Gg":"AeBDiesJjkchWebJ5uZBvUBiHZ+nepkRjDaEVU59PGBOXvb8zHWis83VL4tBb35kvay\n 74WPgqeUiLDRMMdmRwkr2BaQ5Nh4rzE6ChUhFjIYLLoJJj/iUTapQS04LodYiMMTDsu4h/XMBVX\n wmHebPvLXcE89WB61sBZiWHXyVvtnc/iQBlY7vbULis0paLp2T/pqfLupF5FQ9EjiZNO9OrKMpW\n 6X3EEKoKac3pjX4+3f0mV50+ROAYs/JG5bLhV/mAJt/2G4hCp7lFNLL3QR3zb7ssXH4S91+Xn9I\n 876Vv8TwbYlEiBtzrPcZsU8BoFGn77FT0Pe4FUQn5dQZKOsKHBO8SjjBHfKOLpa26YO65Xnpkg5\n g5uBjgrZ1q3G7mYJwsWAhv+Blvq3KCKZf8n0BKgnnQy2wtCPde8DzmFmcMw0kwLA/Ybi7NcLVK0\n iyvs+L8cnsuMbn5DD5pb6OK8uMoCZ1ZJA+zSVRubwK9hDe0Y2iDlmYJfDePbj7zw==","X-Received":["by 2002:a05:620a:410c:b0:8cd:80f1:f465 with SMTP id\n af79cd13be357-8e78fd21364mr679987885a.21.1776460497083;\n Fri, 17 Apr 2026 14:14:57 -0700 (PDT)","by 2002:a05:620a:410c:b0:8cd:80f1:f465 with SMTP id\n af79cd13be357-8e78fd21364mr679982585a.21.1776460496540;\n Fri, 17 Apr 2026 14:14:56 -0700 (PDT)"],"From":"Carlos O'Donell <carlos@redhat.com>","To":"libc-alpha@sourceware.org,\n\tfweimer@redhat.com","Cc":"Carlos O'Donell <carlos@redhat.com>","Subject":"[COMMITTED] advisories: Update GLIBC-SA-2026-0007.","Date":"Fri, 17 Apr 2026 17:14:38 -0400","Message-ID":"<20260417211448.2762539-1-carlos@redhat.com>","X-Mailer":"git-send-email 2.53.0","MIME-Version":"1.0","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"5xBkqcxlGJ2eVtfiJSyxssKJ-gAGJ0JqTLnu2vkeJSQ_1776460498","X-Mimecast-Originator":"redhat.com","Content-Transfer-Encoding":"8bit","content-type":"text/plain; charset=\"US-ASCII\"; x-default=true","X-BeenThere":"libc-alpha@sourceware.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Libc-alpha mailing list <libc-alpha.sourceware.org>","List-Unsubscribe":"<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>","List-Archive":"<https://sourceware.org/pipermail/libc-alpha/>","List-Post":"<mailto:libc-alpha@sourceware.org>","List-Help":"<mailto:libc-alpha-request@sourceware.org?subject=help>","List-Subscribe":"<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>","Errors-To":"libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"},"content":"Update NEWS to include GLIBC-SA-2026-0007.\n---\n NEWS                          | 4 ++++\n advisories/GLIBC-SA-2026-0007 | 1 +\n 2 files changed, 5 insertions(+)","diff":"diff --git a/NEWS b/NEWS\nindex c6e9a83923..d72c1efccb 100644\n--- a/NEWS\n+++ b/NEWS\n@@ -42,6 +42,10 @@ found in the advisories directory of the release tarball:\n     gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames\n     (CVE-2026-4438)\n \n+  GLIBC-SA-2026-0007:\n+    iconv crash due to assertion failure with untrusted input\n+    (CVE-2026-4046)\n+\n The following bugs were resolved with this release:\n \n   [The release manager will add the list generated by\ndiff --git a/advisories/GLIBC-SA-2026-0007 b/advisories/GLIBC-SA-2026-0007\nindex b960525e7f..b880fb5544 100644\n--- a/advisories/GLIBC-SA-2026-0007\n+++ b/advisories/GLIBC-SA-2026-0007\n@@ -11,4 +11,5 @@ and IBM1399 character sets from systems that do not need them.\n CVE-Id: CVE-2026-4046\n Public-Date: 2026-03-12\n Vulnerable-Commit: 0ecb606cb6cf65de1d9fc8a919bceb4be476c602 (2.3.3-1501)\n+Fix-Commit: d6f08d1cf027f4eb2ba289a6cc66853722d4badc (2.44)\n Reported-by: Rocket Ma\n","prefixes":["COMMITTED"]}