Debian Bug report logs -
#863674
CVE-2017-9038 to CVE-2017-9043
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 29 May 2017 21:21:04 UTC
Severity: important
Tags: fixed-upstream, security, upstream
Fixed in version 2.29-1
Done: Matthias Klose <doko@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>
:
Bug#863674
; Package binutils
.
(Mon, 29 May 2017 21:21:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Matthias Klose <doko@debian.org>
.
(Mon, 29 May 2017 21:21:07 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: binutils
Severity: important
Tags: security
From https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes/ :
CVE-2017-9038:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
CVE-2017-9039:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
CVE-2017-9040:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9041:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
CVE-2017-9042:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9043:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
Cheers,
Moritz
Added tag(s) fixed-upstream and upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org
.
(Tue, 30 May 2017 04:21:03 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org
:
Bug#863674
; Package binutils
.
(Thu, 15 Jun 2017 15:48:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Matthias Klose <doko@debian.org>
:
Extra info received and forwarded to list.
(Thu, 15 Jun 2017 15:48:02 GMT) (full text, mbox, link).
Message #12 received at 863674@bugs.debian.org (full text, mbox, reply):
do you have any links for eventual backports to the 2.28 branch? it looks like
the fixes for pr 21378 and pr 21379 can't be backported. Did Gentoo backport
these? I'm uploading binutils now, with the not-applying patches included in
the upload.
Information forwarded
to debian-bugs-dist@lists.debian.org, Matthias Klose <doko@debian.org>
:
Bug#863674
; Package binutils
.
(Thu, 15 Jun 2017 16:27:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Mühlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Matthias Klose <doko@debian.org>
.
(Thu, 15 Jun 2017 16:27:03 GMT) (full text, mbox, link).
Message #17 received at 863674@bugs.debian.org (full text, mbox, reply):
On Thu, Jun 15, 2017 at 05:45:28PM +0200, Matthias Klose wrote:
> do you have any links for eventual backports to the 2.28 branch? it looks like
> the fixes for pr 21378 and pr 21379 can't be backported. Did Gentoo backport
> these? I'm uploading binutils now, with the not-applying patches included in
> the upload.
I'm not aware of 2.28 backports, no.
Cheers,
Moritz
Reply sent
to Matthias Klose <doko@debian.org>
:
You have taken responsibility.
(Wed, 26 Jul 2017 09:09:12 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Wed, 26 Jul 2017 09:09:12 GMT) (full text, mbox, link).
Message #22 received at 863674-done@bugs.debian.org (full text, mbox, reply):
Version: 2.29-1
now fixed in unstable.
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Fri, 25 Aug 2017 07:29:56 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:42:39 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.