-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Apr 2026 22:14:33 +0200
Source: glibc
Binary: glibc-doc glibc-source libc-l10n locales
Architecture: all
Version: 2.36-9+deb12u14
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description:
 glibc-doc  - GNU C Library: Documentation
 glibc-source - GNU C Library: sources
 libc-l10n  - GNU C Library: localization files
 locales    - GNU C Library: National Language (locale) data [support]
Closes: 1125678 1125748 1126266 1131435 1131887 1132499
Changes:
 glibc (2.36-9+deb12u14) bookworm; urgency=medium
 .
   * debian/patches/git-updates.diff: update from upstream stable branch:
     - Fix a performance bottleneck with the Address Sanitizer (ASAN) on 32-bit
       arm.
     - Fix _dl_find_object when ld.so has LOAD segment gaps, causing wrong
       backtrace unwinding. This affects at least arm64.
     - Add GLIBC_ABI_DT_X86_64_PLT symbol version on amd64.
     - Fix typo in wmemset ifunc selector that caused AVX2/AVX512 paths to be
       skipped.
     - Fix POWER optimized rawmemchr function on ppc64el.
     - Optimize trylock for high cache contention workloads.
     - Fix and integer overflow in _int_memalign leading to heap corruption
       (CVE-2026-0861).  Closes: #1125678.
     - Fix stack contents leak in getnetbyaddr (CVE-2026-0915).  Closes:
       #1125748.
     - Fix bug in wordexp, which could return uninitialized memory when using
       WRDE_REUSE together with WRDE_APPEND (CVE-2025-15281).  Closes: #1126266.
     - Fix invalid pointer arithmetic in ANSI_X3.110 iconv module
     - Fix a typo preventing new tst-wordexp-reuse-mem to run
     - Fix incorrect handling of DNS responses in gethostbyaddr and
       gethostbyaddr_r (CVE-2026-4437).  Closes: #1131435.
     - Fix invalid DNS hostnames returned by gethostbyaddr and
       gethostbyaddr_r (CVE-2026-4438).  Closes: #1131887.
     - Fix random failure of tst-link-map-contiguous-ldso.
     - Fix a possible crash due to an assertion failure when converting
       inputs from the IBM139x character sets (CVE-2026-4046).  Closes:
       #1132499.
   * d/p/amd64/local-revert-x86-64-add-GLIBC_ABI_DT_X86_64_PLT-version.diff:
     revert addition of the GLIBC_ABI_DT_X86_64_PLT symbol version used as ABI
     flag, as the dpkg-shlibdeps version in bookworm is not able to handle it
     (see #1122107).
Checksums-Sha1:
 8a9fbce9dc0b6cf60808a4bdf6c4d3c521d9d277 3477872 glibc-doc_2.36-9+deb12u14_all.deb
 fe927b96c8d0fb7c102522b33e16e40f980d9c38 20486104 glibc-source_2.36-9+deb12u14_all.deb
 ec012ba488418added812520ffccf2d909dc0a69 11061 glibc_2.36-9+deb12u14_all-buildd.buildinfo
 e18203d25bf2fd8174ed420c1e90e73013d6c997 676384 libc-l10n_2.36-9+deb12u14_all.deb
 01f96198cab0393a57f686effc2f4d742998b71f 3906316 locales_2.36-9+deb12u14_all.deb
Checksums-Sha256:
 a581663c5ed7b93f781e52746f28885706f3d9fc6cd8755c18a56dfdf45fe6be 3477872 glibc-doc_2.36-9+deb12u14_all.deb
 8e9f57b1df23396b05cf5b1561fd83bd53dc01b86432fd2dc75ab7b48645c3b2 20486104 glibc-source_2.36-9+deb12u14_all.deb
 1b32e713a8655618c41f7519fac48f3070a0a6174127c9406f87bf70273cb335 11061 glibc_2.36-9+deb12u14_all-buildd.buildinfo
 95285badd0b02ca7e90e8f20d17c912170ffaeb48db10f113d1ece042b59248d 676384 libc-l10n_2.36-9+deb12u14_all.deb
 00c6e3d9456411ac78b199b577f25231be80186796ebdff65089240154ebbcb0 3906316 locales_2.36-9+deb12u14_all.deb
Files:
 4474b75382b77c55383305b96fd99b4b 3477872 doc optional glibc-doc_2.36-9+deb12u14_all.deb
 32fe169e319d14c0e5ff91c35ea169a8 20486104 devel optional glibc-source_2.36-9+deb12u14_all.deb
 b17034edc5fe72357d108905aeb9c216 11061 libs required glibc_2.36-9+deb12u14_all-buildd.buildinfo
 3561981816c606f3264e4c97ab1115f6 676384 localization standard libc-l10n_2.36-9+deb12u14_all.deb
 5fff9bc4314af0fd6afaed0a852fff0c 3906316 localization standard locales_2.36-9+deb12u14_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXLxUpUHQBQBTDtd4aBVi67oXtfkFAmn3wA0ACgkQaBVi67oX
tfmsVRAAj3kUuBcxRFBiIQEUStLGk6zXmds26sHKNGRLgT7xidPB+kc8KuHF/AGD
q39o9M1CLVLLgdAZYTAqJVpLPS2KqdhG1k+A2maCPdSnn6j7j4O+8pCkHX6uAE/D
3BTKPQPosAVgku7WhiZwc94CuQMQkvk//6nx/i1U7v3Pmj4f4K9w3fpaQKDP+8Op
6FOgrlcay5UWKhXL1jzxNZwqjuTsuQSlC729dfsty9oMLR4u7UekHyfVHY4QTQG/
2aPkpWufrYpdcBEIl+ckgyR/fezWT4EQcsFGqFiCEJsYEBv/PnKapP/Z360+5cRX
fnVRdsnWwEywxQFdkb8ZgCni9NpvwkLwLUMYLAdViyovKisvm0GO3Te5JdFisJNQ
iJfNM3gfq1qV12K5oBKeEau9rblOMnwAtDrc3/n/MUMaiZKudm+SJA+xFueL+7ne
KQb26hh3dDh+JqWlWcvoGGi0xH95W9KIDaQQKoINC1Gahuhc0ldDnTNj6vOASsfg
cC9yqy9eQtqGkHD0NSF+qIyuVqLpARxFyAvyYGHY1OAZh/EFO6C7r+xe1mrwDavx
TsFv0oHV2MoeMY5vXTZAJHlx075uevc0DvjWfI7Y+dYBo0jMyKOO+0/FeNpPQRqa
1selJUAKeonM/E5q+fVKY47vu8aPyT70Chu7U1eM65N38doXGnM=
=ju80
-----END PGP SIGNATURE-----