binutils: CVE-2017-6965

Related Vulnerabilities: CVE-2017-6965, CVE-2017-6969, CVE-2017-6966, CVE-2017-7210, CVE-2017-7209, CVE-2016-4491

Debian Bug report logs - #858264

Package: binutils; Maintainer for binutils is Matthias Klose <doko@debian.org>; Source for binutils is src:binutils.

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 20 Mar 2017 13:03:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions binutils/2.25-5, binutils/2.28-2

Fixed in version binutils/2.28-3

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://sourceware.org/bugzilla/show_bug.cgi?id=21137


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#858256; Package binutils. (Mon, 20 Mar 2017 13:03:04 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Mon, 20 Mar 2017 13:03:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-6969 CVE-2017-6966 CVE-2017-6965
Date: Mon, 20 Mar 2017 14:01:59 +0100
Package: binutils
Version: 2.28-2
Severity: important
Tags: security

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#858256; Package binutils. (Mon, 20 Mar 2017 14:24:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Mon, 20 Mar 2017 14:24:03 GMT)


Message #10 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 858256@bugs.debian.org
Cc: control@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#858256: CVE-2017-6969 CVE-2017-6966 CVE-2017-6965
Date: Mon, 20 Mar 2017 15:22:01 +0100

Hello!

For easier tracking of the individual issues I clone this one to three bugs.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#858256; Package binutils. (Mon, 20 Mar 2017 14:24:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Mon, 20 Mar 2017 14:24:06 GMT)


Bug 858256 cloned as bugs 858263, 858264 Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 20 Mar 2017 14:24:07 GMT)


Changed Bug title to 'binutils: CVE-2017-6965' from 'CVE-2017-6969 CVE-2017-6966 CVE-2017-6965'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 20 Mar 2017 14:24:09 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 20 Mar 2017 14:30:06 GMT)


Set Bug forwarded-to-address to 'https://sourceware.org/bugzilla/show_bug.cgi?id=21137'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 20 Mar 2017 14:30:07 GMT)


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 23 Mar 2017 17:39:08 GMT)


Marked as found in versions binutils/2.25-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sat, 25 Mar 2017 09:06:02 GMT)


Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Wed, 05 Apr 2017 16:21:13 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 05 Apr 2017 16:21:13 GMT)


Message #32 received at 858264-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 858264-close@bugs.debian.org
Subject: Bug#858264: fixed in binutils 2.28-3
Date: Wed, 05 Apr 2017 16:19:10 +0000
Source: binutils
Source-Version: 2.28-3

We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 858264@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated binutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Apr 2017 17:48:03 +0200
Source: binutils
Binary: binutils binutils-dev binutils-multiarch binutils-multiarch-dev binutils-hppa64-linux-gnu binutils-doc binutils-source binutils-s390x-linux-gnu binutils-powerpc64le-linux-gnu binutils-powerpc-linux-gnu binutils-aarch64-linux-gnu binutils-arm-linux-gnueabihf binutils-arm-linux-gnueabi binutils-mips-linux-gnu binutils-mipsel-linux-gnu binutils-alpha-linux-gnu binutils-hppa-linux-gnu binutils-m68k-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64el-linux-gnuabi64 binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-sh4-linux-gnu binutils-sparc64-linux-gnu binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabin32
Architecture: source
Version: 2.28-3
Distribution: unstable
Urgency: medium
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 binutils   - GNU assembler, linker and binary utilities
 binutils-aarch64-linux-gnu - GNU binary utilities, for aarch64-linux-gnu target
 binutils-alpha-linux-gnu - GNU binary utilities, for alpha-linux-gnu target
 binutils-arm-linux-gnueabi - GNU binary utilities, for arm-linux-gnueabi target
 binutils-arm-linux-gnueabihf - GNU binary utilities, for arm-linux-gnueabihf target
 binutils-dev - GNU binary utilities (BFD development files)
 binutils-doc - Documentation for the GNU assembler, linker and binary utilities
 binutils-hppa-linux-gnu - GNU binary utilities, for hppa-linux-gnu target
 binutils-hppa64-linux-gnu - GNU assembler, linker and binary utilities targeted for hppa64-li
 binutils-m68k-linux-gnu - GNU binary utilities, for m68k-linux-gnu target
 binutils-mips-linux-gnu - GNU binary utilities, for mips-linux-gnu target
 binutils-mips64-linux-gnuabi64 - GNU binary utilities, for mips64-linux-gnuabi64 target
 binutils-mips64-linux-gnuabin32 - GNU binary utilities, for mips64-linux-gnuabin32 target
 binutils-mips64el-linux-gnuabi64 - GNU binary utilities, for mips64el-linux-gnuabi64 target
 binutils-mips64el-linux-gnuabin32 - GNU binary utilities, for mips64el-linux-gnuabin32 target
 binutils-mipsel-linux-gnu - GNU binary utilities, for mipsel-linux-gnu target
 binutils-multiarch - Binary utilities that support multi-arch targets
 binutils-multiarch-dev - GNU binary utilities that support multi-arch targets (BFD develop
 binutils-powerpc-linux-gnu - GNU binary utilities, for powerpc-linux-gnu target
 binutils-powerpc-linux-gnuspe - GNU binary utilities, for powerpc-linux-gnuspe target
 binutils-powerpc64-linux-gnu - GNU binary utilities, for powerpc64-linux-gnu target
 binutils-powerpc64le-linux-gnu - GNU binary utilities, for powerpc64le-linux-gnu target
 binutils-s390x-linux-gnu - GNU binary utilities, for s390x-linux-gnu target
 binutils-sh4-linux-gnu - GNU binary utilities, for sh4-linux-gnu target
 binutils-source - GNU assembler, linker and binary utilities (source)
 binutils-sparc64-linux-gnu - GNU binary utilities, for sparc64-linux-gnu target
Closes: 857017 858256 858263 858264 858323 858324 859503
Changes:
 binutils (2.28-3) unstable; urgency=medium
 .
   * Update, taken from the 2.28 branch 20170405.
     - RISC-V updates.
     - Fix PR binutils/21303 (PPC), objdump doesn't show e200z4 insns.
     - S/390: Remove vx2 facility flag.
     - Update -maltivec and -mvsx options to only enable their oldest
       instructions (PPC).
     - Add support for the new 'lnia' extended mnemonic (PPC).
     - Fix ld uninitialized read of script ASSERT data structure.
   * Fix incorrect library search order on PowerPC, taken from the trunk.
   * Fix PR ld/21233 (MIPS only), taken from the trunk. Closes: #857017.
   * Fix a french translation. Closes: #859503.
   * Fix PR binutils/21157, handling of corrupt STABS enum type strings.
     Closes: #858324. CVE-2017-7210.
   * Fix PR binutils/21137, readelf writing to illegal addresses.
     Closes: #858264. CVE-2017-6965.
   * Fix PR binutils/21156, illegal memory accesses in readelf.
     Closes: #858256. CVE-2017-6969.
   * Fix PR binutils/21139, read-after-free error in readelf.
     Closes: #858263. CVE-2017-6966.
   * Fix PR binutils/21135, invalid read of section contents.
     Closes: #858323. CVE-2017-7209.
   * Fix PR demangler/70909, libiberty Demangler segfaults. CVE-2016-4491.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 06 May 2017 07:28:40 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:03:52 2019; Machine Name: buxtehude