Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-9038 CVE-2017-9043 CVE-2017-9039 CVE-2017-9040 CVE-2017-9041 CVE-2017-9042

Source

Debian Bug report logs - #863674
CVE-2017-9038 to CVE-2017-9043

Package: binutils; Maintainer for binutils is Matthias Klose <doko@debian.org>; Source for binutils is src:binutils (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 29 May 2017 21:21:04 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Fixed in version 2.29-1

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>:
Bug#863674; Package binutils. (Mon, 29 May 2017 21:21:07 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>. (Mon, 29 May 2017 21:21:07 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: binutils
Severity: important
Tags: security

From https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/  :

CVE-2017-9038:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d

CVE-2017-9039:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5

CVE-2017-9040:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf

CVE-2017-9041:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3

CVE-2017-9042:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf

CVE-2017-9043:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54

Cheers,
        Moritz

Added tag(s) fixed-upstream and upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 30 May 2017 04:21:03 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#863674; Package binutils. (Thu, 15 Jun 2017 15:48:02 GMT) (full text, mbox, link).

Acknowledgement sent to Matthias Klose <doko@debian.org>:
Extra info received and forwarded to list. (Thu, 15 Jun 2017 15:48:02 GMT) (full text, mbox, link).

Message #12 received at 863674@bugs.debian.org (full text, mbox, reply):

do you have any links for eventual backports to the 2.28 branch? it looks like
the fixes for pr 21378 and pr 21379 can't be backported.  Did Gentoo backport
these?  I'm uploading binutils now, with the not-applying patches included in
the upload.

Information forwarded to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>:
Bug#863674; Package binutils. (Thu, 15 Jun 2017 16:27:03 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>. (Thu, 15 Jun 2017 16:27:03 GMT) (full text, mbox, link).

Message #17 received at 863674@bugs.debian.org (full text, mbox, reply):

On Thu, Jun 15, 2017 at 05:45:28PM +0200, Matthias Klose wrote:
> do you have any links for eventual backports to the 2.28 branch? it looks like
> the fixes for pr 21378 and pr 21379 can't be backported.  Did Gentoo backport
> these?  I'm uploading binutils now, with the not-applying patches included in
> the upload.

I'm not aware of 2.28 backports, no.

Cheers,
        Moritz

Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Wed, 26 Jul 2017 09:09:12 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 26 Jul 2017 09:09:12 GMT) (full text, mbox, link).

Message #22 received at 863674-done@bugs.debian.org (full text, mbox, reply):

Version: 2.29-1

now fixed in unstable.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 25 Aug 2017 07:29:56 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:42:39 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-9038 to CVE-2017-9043

Debian Bug report logs - #863674
CVE-2017-9038 to CVE-2017-9043

Vulmon Search

About

Products

Connect

CVE-2017-9038 to CVE-2017-9043

Debian Bug report logs - #863674 CVE-2017-9038 to CVE-2017-9043

Vulmon Search

About

Products

Connect

Debian Bug report logs - #863674
CVE-2017-9038 to CVE-2017-9043