Multiple security issues in libiberty

Debian Bug report logs - #840358

Package: ht; Maintainer for ht is Anton Gladky <gladk@debian.org>; Source for ht is src:ht.

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 10 Oct 2016 21:39:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version ht/2.1.0-1

Fixed in version ht/2.1.0+repack1-1

Done: Anton Gladky <gladk@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anton Gladky <gladk@debian.org>:
Bug#840358; Package ht. (Mon, 10 Oct 2016 21:39:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anton Gladky <gladk@debian.org>. (Mon, 10 Oct 2016 21:39:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Multiple security issues in libiberty
Date: Mon, 10 Oct 2016 23:35:43 +0200
Package: ht
Severity: grave
Tags: security

ht embeds a copy of libiberty, which was affected by several
vulnerabilities:

https://security-tracker.debian.org/tracker/CVE-2016-6131
https://security-tracker.debian.org/tracker/CVE-2016-4493
https://security-tracker.debian.org/tracker/CVE-2016-4492
https://security-tracker.debian.org/tracker/CVE-2016-4491
https://security-tracker.debian.org/tracker/CVE-2016-4490
https://security-tracker.debian.org/tracker/CVE-2016-4489
https://security-tracker.debian.org/tracker/CVE-2016-4488
https://security-tracker.debian.org/tracker/CVE-2016-4487
https://security-tracker.debian.org/tracker/CVE-2016-2226

Cheers,
        Moritz



Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 11 Oct 2016 04:33:02 GMT).


Marked as found in versions ht/2.1.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 11 Oct 2016 04:33:04 GMT).


Reply sent to Anton Gladky <gladk@debian.org>:
You have taken responsibility. (Thu, 13 Oct 2016 23:00:03 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 13 Oct 2016 23:00:03 GMT).


Message #14 received at 840358-close@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: 840358-close@bugs.debian.org
Subject: Bug#840358: fixed in ht 2.1.0+repack1-1
Date: Thu, 13 Oct 2016 22:56:25 +0000
Source: ht
Source-Version: 2.1.0+repack1-1

We believe that the bug you reported is fixed in the latest version of
ht, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840358@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anton Gladky <gladk@debian.org> (supplier of updated ht package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 13 Oct 2016 23:24:45 +0200
Source: ht
Binary: ht
Architecture: source
Version: 2.1.0+repack1-1
Distribution: unstable
Urgency: critical
Maintainer: Anton Gladky <gladk@debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Description:
 ht         - Viewer/editor/analyser (mostly) for executables
Closes: 840358
Changes:
 ht (2.1.0+repack1-1) unstable; urgency=critical
 .
   * [384c0d4] New upstream version 2.1.0+repack1
   * [38ec499] Use packaged version of libiberty instead of embedded.
               (Closes: #840358)
               CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
               CVE-2016-4491 CVE-2016-4492 CVE-2016-4493 CVE-2016-2226
               CVE-2016-6131
   * [b2c2049] Remove info-file.
   * [19ad75b] Set flags in Makefile to link packaged libiberty.
   * [60f8762] Apply cme fix-dpkg.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 12 Nov 2016 07:34:23 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:47:57 2019; Machine Name: buxtehude
