Debian Bug report logs -
#688951
binutils: CVE-2012-3509
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Thu, 27 Sep 2012 09:36:02 UTC
Severity: important
Tags: patch, security
Fixed in version binutils/2.22-8
Done: Matthias Klose <doko@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#688951; Package binutils.
(Thu, 27 Sep 2012 09:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>.
(Thu, 27 Sep 2012 09:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: binutils
Severity: important
Tags: security
This is fixed in experimental, but unfixed in sid/testing:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3509
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#688951; Package binutils.
(Tue, 05 Feb 2013 20:36:13 GMT) (full text, mbox, link).
Acknowledgement sent
to Arne Wichmann <aw@anhrefn.saar.de>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>.
(Tue, 05 Feb 2013 20:36:13 GMT) (full text, mbox, link).
Message #10 received at 688951@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tag 688951 + patch
thanks
Hi.
The relevant patch is
http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=191413
cu
AW
--
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)
[signature.asc (application/pgp-signature, inline)]
Added tag(s) patch.
Request was from Arne Wichmann <aw@anhrefn.saar.de>
to control@bugs.debian.org.
(Tue, 05 Feb 2013 20:36:15 GMT) (full text, mbox, link).
Reply sent
to Matthias Klose <doko@debian.org>:
You have taken responsibility.
(Sat, 23 Feb 2013 02:51:47 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Sat, 23 Feb 2013 02:51:47 GMT) (full text, mbox, link).
Message #17 received at 688951-close@bugs.debian.org (full text, mbox, reply):
Source: binutils
Source-Version: 2.22-8
We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 688951@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated binutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 23 Feb 2013 02:28:11 +0100
Source: binutils
Binary: binutils binutils-dev binutils-multiarch binutils-gold binutils-hppa64 binutils-spu binutils-doc binutils-source
Architecture: source all amd64
Version: 2.22-8
Distribution: unstable
Urgency: low
Maintainer: Matthias Klose <doko@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
binutils - GNU assembler, linker and binary utilities
binutils-dev - GNU binary utilities (BFD development files)
binutils-doc - Documentation for the GNU assembler, linker and binary utilities
binutils-gold - GNU gold linker utility
binutils-hppa64 - GNU assembler, linker and binary utilities targeted for hppa64-li
binutils-multiarch - Binary utilities that support multi-arch targets
binutils-source - GNU assembler, linker and binary utilities (source)
binutils-spu - GNU assembler, linker and binary utilities targeted for spu-elf
Closes: 688951
Changes:
binutils (2.22-8) unstable; urgency=low
.
* Fix PR other/54411: integer overflow in objalloc_alloc.
CVE-2012-3509. Closes: #688951.
Checksums-Sha1:
f12560e8ab0f05d3e0d75c58d5821671930d8f0a 1690 binutils_2.22-8.dsc
489190650145b0661efaecb81b65400a8727dee1 131140 binutils_2.22-8.diff.gz
bec24c6a40909fa57491251a8bc5bcea152f96e9 581660 binutils-doc_2.22-8_all.deb
01b0a9af3668bde6b81420e7b5d60a572715264b 14705190 binutils-source_2.22-8_all.deb
3d1fb7c57aa32ef5a122cb832a9f83de7e3b2a71 4799776 binutils_2.22-8_amd64.deb
3789318d04177e6a65fc12e0708d1100625a3fb0 4515576 binutils-dev_2.22-8_amd64.deb
7606d7c7d0f92fb21b90bd551f5bc7a06f9cfd05 2241522 binutils-multiarch_2.22-8_amd64.deb
1e2cbd2af050e16b75f961559746251d56ded2d7 1388 binutils-gold_2.22-8_amd64.deb
Checksums-Sha256:
9851457df71b244bf8cd0d92f4cd82f5c76c9d8eca049f202f556d7e04879104 1690 binutils_2.22-8.dsc
fbb161e7fab25d347a31ea2dd13a4da241a1a4af1d9080d9f1c412e163d8ec67 131140 binutils_2.22-8.diff.gz
5dbf7ca6c222c237d48fed68d6c04ebe1c259d299177f0e6d6efbc8dc713d1be 581660 binutils-doc_2.22-8_all.deb
41969dfc3c092de36007ef0c9bb59732989b4f94396d85958cbedbc787e62ff8 14705190 binutils-source_2.22-8_all.deb
af964da7cda4e134ba39b492d5608ab70146054cf4f9999f3967ce4e2a2e652d 4799776 binutils_2.22-8_amd64.deb
1e1c5705999cbebb2ac1e60c4346e80e4160062fd95b4ecb89290fa6bae0e251 4515576 binutils-dev_2.22-8_amd64.deb
d0ab58be6f78c95471dc0195f85fa3f996a5be8da0391a86b73cbd3ebdbd6921 2241522 binutils-multiarch_2.22-8_amd64.deb
a00a6d8e8cdd93a6ae39914c8ba42b5cfb37fb4194adc3d26586b8645955964c 1388 binutils-gold_2.22-8_amd64.deb
Files:
1344f562b7b8cb3f755ff8e52bf5e5d7 1690 devel optional binutils_2.22-8.dsc
59f2dc1b773f264c3c24351d1aae9b33 131140 devel optional binutils_2.22-8.diff.gz
1e8a4082692b413a8364eee3265c2e3c 581660 doc optional binutils-doc_2.22-8_all.deb
0a6f42f98eb272e74da0f18c6872f396 14705190 devel optional binutils-source_2.22-8_all.deb
11ff1f1d331c608aebb6d2585d601522 4799776 devel optional binutils_2.22-8_amd64.deb
8cc14fb0e01dd38ce07be9b2d856d8cb 4515576 devel extra binutils-dev_2.22-8_amd64.deb
96ffcab7e861357438b1aefa7f0b8211 2241522 devel extra binutils-multiarch_2.22-8_amd64.deb
2b48591f98acdeeac025bb1863848004 1388 devel extra binutils-gold_2.22-8_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlEoJO0ACgkQStlRaw+TLJzXEQCeOs12WGQkuXoY/dEuTTMk3VwF
nL0An0C2tIphKsY0H7U2S2rYX1FdJMJ5
=vtqD
-----END PGP SIGNATURE-----
Bug 688951 cloned as bug 702402
Request was from Stephen Kitt <steve@sk2.org>
to control@bugs.debian.org.
(Wed, 06 Mar 2013 05:57:03 GMT) (full text, mbox, link).
Bug 688951 cloned as bug 702407
Request was from Stephen Kitt <steve@sk2.org>
to control@bugs.debian.org.
(Wed, 06 Mar 2013 06:57:07 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 03 Apr 2013 07:27:57 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:57:50 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon