-
elfutils (0.170-0.4ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via a crafted file
- debian/patches/CVE-2018-16062.patch: make sure there is enough data
to read full aranges header in libdw/dwarf_getaranges.c,
src/readelf.c.
- CVE-2018-16062
* SECURITY UPDATE: double free and application crash
- debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
libelf/libelf.h.
- CVE-2018-16402
* SECURITY UPDATE: incorrect end of the attributes list check
- debian/patches/CVE-2018-16403.patch: check end of attributes list
consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
- CVE-2018-16403
* SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18310.patch: sanity check partial core file
data reads in libdwfl/dwfl_segment_report_module.c.
- CVE-2018-18310
* SECURITY UPDATE: invalid memory address dereference
- debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
src/size.c.
- CVE-2018-18520
* SECURITY UPDATE: divide by zero vulnerabilties
- debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
in src/arlib.c.
- CVE-2018-18521
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
src/readelf.c.
- CVE-2019-7149
* SECURITY UPDATE: incorrect truncated dyn data read handling
- debian/patches/CVE-2019-7150.patch: sanity check partial core file
dyn data read in libdwfl/dwfl_segment_report_module.c.
- CVE-2019-7150
* SECURITY UPDATE: heap-based buffer over-read
- debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
contain a zero terminated string in libdwfl/linux-core-attach.c,
libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
- CVE-2019-7665
-- Marc Deslauriers <email address hidden> Fri, 07 Jun 2019 11:31:15 -0400
-
elfutils (0.170-0.4) unstable; urgency=medium
* Non-maintainer upload.
* Backport patches for DWARF locview support (Mark Wielaard).
-- Matthias Klose <email address hidden> Mon, 09 Apr 2018 14:21:19 +0200
-
elfutils (0.170-0.3) unstable; urgency=medium
* Non-maintainer upload.
* Add disable_werror.patch. (Closes: #886004)
-- Helmut Grohne <email address hidden> Sun, 28 Jan 2018 14:52:20 +0100
-
elfutils (0.170-0.2) unstable; urgency=medium
* Non-maintainer upload, acked by maintainer.
* libelf-dev,libdw-dev: Add missing dependencies for packages that
our pkg-config files requires (zlib1g-dev, liblzma-dev).
(Closes: #885071)
-- Andreas Henriksson <email address hidden> Sat, 30 Dec 2017 18:14:17 +0100
-
elfutils (0.170-0.1) unstable; urgency=medium
* Non-maintainer upload.
* New upstream release
* Fix fallthrough warnings exposed by GCC 7. Closes: #853387.
* Bump standards version.
* Configure with --disable-silent-rules.
* Update libdw1 symbols file.
-- Matthias Klose <email address hidden> Tue, 12 Sep 2017 00:07:19 +0200
