{"id":2231092,"url":"http://patchwork.ozlabs.org/api/1.2/covers/2231092/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/cover/cover.1777546194.git.fweimer@redhat.com/","project":{"id":41,"url":"http://patchwork.ozlabs.org/api/1.2/projects/41/?format=json","name":"GNU C Library","link_name":"glibc","list_id":"libc-alpha.sourceware.org","list_email":"libc-alpha@sourceware.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<cover.1777546194.git.fweimer@redhat.com>","list_archive_url":null,"date":"2026-04-30T10:51:34","name":"[0/5] Fixes for CVE-2026-5435, CVE-2026-6238","submitter":{"id":14312,"url":"http://patchwork.ozlabs.org/api/1.2/people/14312/?format=json","name":"Florian Weimer","email":"fweimer@redhat.com"},"mbox":"http://patchwork.ozlabs.org/project/glibc/cover/cover.1777546194.git.fweimer@redhat.com/mbox/","series":[{"id":502273,"url":"http://patchwork.ozlabs.org/api/1.2/series/502273/?format=json","web_url":"http://patchwork.ozlabs.org/project/glibc/list/?series=502273","date":"2026-04-30T10:51:34","name":"Fixes for CVE-2026-5435, CVE-2026-6238","version":1,"mbox":"http://patchwork.ozlabs.org/series/502273/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/covers/2231092/comments/","headers":{"Return-Path":"<libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org>","X-Original-To":["incoming@patchwork.ozlabs.org","libc-alpha@sourceware.org"],"Delivered-To":["patchwork-incoming@legolas.ozlabs.org","libc-alpha@sourceware.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=SJNFKb9E;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=sourceware.org\n (client-ip=2620:52:6:3111::32; helo=vm01.sourceware.org;\n envelope-from=libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org;\n receiver=patchwork.ozlabs.org)","sourceware.org;\n\tdkim=pass (1024-bit key,\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=SJNFKb9E","sourceware.org; dmarc=pass (p=quarantine dis=none)\n header.from=redhat.com","sourceware.org; spf=pass smtp.mailfrom=redhat.com","server2.sourceware.org;\n arc=none smtp.remote-ip=170.10.133.124"],"Received":["from vm01.sourceware.org (vm01.sourceware.org\n [IPv6:2620:52:6:3111::32])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5rb66Xnwz1yGq\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 20:52:02 +1000 (AEST)","from vm01.sourceware.org (localhost [127.0.0.1])\n\tby sourceware.org (Postfix) with ESMTP id 6B6734371D69\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 10:52:00 +0000 (GMT)","from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.133.124])\n by sourceware.org (Postfix) with ESMTP id 824EB4371D64\n for <libc-alpha@sourceware.org>; Thu, 30 Apr 2026 10:51:40 +0000 (GMT)","from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-478-knitDXxiNA272lySFpU4GQ-1; Thu,\n 30 Apr 2026 06:51:38 -0400","from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id 00D3E18004AD\n for <libc-alpha@sourceware.org>; Thu, 30 Apr 2026 10:51:38 +0000 (UTC)","from fweimer-oldenburg.csb.redhat.com (unknown [10.44.48.4])\n by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with\n ESMTPS\n id 4D6161800446\n for <libc-alpha@sourceware.org>; Thu, 30 Apr 2026 10:51:36 +0000 (UTC)"],"DKIM-Filter":["OpenDKIM Filter v2.11.0 sourceware.org 6B6734371D69","OpenDKIM Filter v2.11.0 sourceware.org 824EB4371D64"],"DMARC-Filter":"OpenDMARC Filter v1.4.2 sourceware.org 824EB4371D64","ARC-Filter":"OpenARC Filter v1.0.0 sourceware.org 824EB4371D64","ARC-Seal":"i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1777546300; cv=none;\n b=UCDkQuKvxfejQpsn4AVT9hnBiqzN53RiMcXRa4e2baI5yrLEPX20/UgI0hJyO1YifxY8EZmoF+RhZbRYUkH9PnXdWnYMvcpF8jrI27qskpPhmeM156PgASi3elVAHLSwK2IVuJwN0oCNT0Hc+BvP2pEQ5aFqlGleGpYlJoH8Irk=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=sourceware.org; s=key;\n t=1777546300; c=relaxed/simple;\n bh=Kra5ImuYlMRO0dlFoi0bRxVPcrZ0B6rzZnSsKVckkl8=;\n h=DKIM-Signature:From:To:Subject:Message-ID:Date:MIME-Version;\n b=a2UOqBMUmPVFBestX6wUUdkDCmcBFl5TH3A/AJkxyr8KuqbV7AC27r8AsO8Bfk0Nnb4PhZiTx+zkl1189/dFU3LUPuTfirEpp9OWXcbusg8TLToctd6IJXX/dAPUdYfJJlKRuEviQQTUocLn7Te8/sdiVnlg+IyjY8DWRsgNQN4=","ARC-Authentication-Results":"i=1; server2.sourceware.org","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n s=mimecast20190719; t=1777546300;\n h=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n to:to:cc:mime-version:mime-version:content-type:content-type;\n bh=HZanmWBU8YRBbVECoOym5/B05i6Aq6DQrj9AD88e88M=;\n b=SJNFKb9E4Xwr9nl2GwDdc9IBxxkzmrA5WV92/mcQnhaKHIZ94YWm/G2/+piiipPwCQltEK\n CpenuSMz0QL2WVKY1wQmEfW6PGoB3l5B/P0hj45tuIe1gB+XeDD+aBG1x20NeNjCN2LHzf\n UBxTjcxxmvwZWwU+/aVbRSvHwDDg+fE=","X-MC-Unique":"knitDXxiNA272lySFpU4GQ-1","X-Mimecast-MFC-AGG-ID":"knitDXxiNA272lySFpU4GQ_1777546298","From":"Florian Weimer <fweimer@redhat.com>","To":"libc-alpha@sourceware.org","Subject":"[PATCH 0/5] Fixes for CVE-2026-5435, CVE-2026-6238","Message-ID":"<cover.1777546194.git.fweimer@redhat.com>","X-From-Line":"c0191a0afbfd6837bc7bc1b2695eaacf3e41b0fe Mon Sep 17 00:00:00 2001","Date":"Thu, 30 Apr 2026 12:51:34 +0200","User-Agent":"Gnus/5.13 (Gnus v5.13)","MIME-Version":"1.0","X-Scanned-By":"MIMEDefang 3.4.1 on 10.30.177.111","X-Mimecast-Spam-Score":"0","X-Mimecast-MFC-PROC-ID":"9hDoR_7hLbtqXYoNeq6dZXHcpd9iNnuET2GarWPwKPg_1777546298","X-Mimecast-Originator":"redhat.com","Content-Type":"text/plain","X-BeenThere":"libc-alpha@sourceware.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Libc-alpha mailing list <libc-alpha.sourceware.org>","List-Unsubscribe":"<https://sourceware.org/mailman/options/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>","List-Archive":"<https://sourceware.org/pipermail/libc-alpha/>","List-Post":"<mailto:libc-alpha@sourceware.org>","List-Help":"<mailto:libc-alpha-request@sourceware.org?subject=help>","List-Subscribe":"<https://sourceware.org/mailman/listinfo/libc-alpha>,\n <mailto:libc-alpha-request@sourceware.org?subject=subscribe>","Errors-To":"libc-alpha-bounces~incoming=patchwork.ozlabs.org@sourceware.org"},"content":"CVE-2026-6238 has multiple vulnerable commits across different glibc\nversions.  Technically, this means the CVE ID should be SPLIT.  I'm not\nsure if this is worthwhile because I doubt people care about glibc\nbefore version 2.7.\n\nThanks,\nFlorian\n\nFlorian Weimer (5):\n  Update GLIBC-SA-2026-0012 to mention A6 records\n  resolv: Check for inet_ntop failure in ns_sprintrrf\n  resolv: Remove incorrect parts of TSIG handling from ns_sprintrrf\n    (CVE-2026-5435)\n  resolv: Fix buffer overreads in ns_sprintrrf (CVE-2026-6238)\n  resolv: Add test case tst-ns_sprintrr (bug 34033, bug 34069)\n\n advisories/GLIBC-SA-2026-0012 |   4 +-\n resolv/Makefile               |   2 +\n resolv/ns_print.c             |  46 ++---\n resolv/tst-ns_sprintrr.c      | 322 ++++++++++++++++++++++++++++++++++\n 4 files changed, 352 insertions(+), 22 deletions(-)\n create mode 100644 resolv/tst-ns_sprintrr.c\n\n\nbase-commit: dbc2b380fac027fed5db6ae864e4accf9f82a3fd"}