libiberty: CVE-2016-6131

Related Vulnerabilities: CVE-2016-6131, CVE-2016-4491

Debian Bug report logs - #840889
libiberty: CVE-2016-6131

Reported by: gladk@debian.org

Date: Sat, 15 Oct 2016 19:12:07 UTC

Severity: important

Tags: patch, security

Found in versions libiberty/20141014-1, libiberty/20161011-1

Fixed in version libiberty/20161017-1

Done: Matthias Klose <doko@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#840889; Package src:libiberty. (Sat, 15 Oct 2016 19:12:10 GMT)


Acknowledgement sent to gladk@debian.org:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Sat, 15 Oct 2016 19:12:10 GMT)


Message #5 received at submit@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2016-4491 and CVE-2016-6131 not fixed in libiberty_20161011-1
Date: Sat, 15 Oct 2016 21:08:55 +0200
Source: libiberty
Version: 20161011-1
Severity: important
Tags: security patch

Dear maintainer,

as noted here [1], two CVEs, CVE-2016-4491 and CVE-2016-6131, were
not fixed by a previous upload, because upstream
did not include the corresponding patches.

I have prepared a patch, which will be attached in the next mail.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840360#19

Thanks,

Anton



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GCC Maintainers <debian-gcc@lists.debian.org>:
Bug#840889; Package src:libiberty. (Sat, 15 Oct 2016 19:21:06 GMT)


Acknowledgement sent to Anton Gladky <gladk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GCC Maintainers <debian-gcc@lists.debian.org>. (Sat, 15 Oct 2016 19:21:06 GMT)


Message #10 received at 840889@bugs.debian.org:

From: Anton Gladky <gladk@debian.org>
To: 840889@bugs.debian.org, control@bugs.debian.org
Subject: diff NMU for libiberty_20161011-1.1
Date: Sat, 15 Oct 2016 21:18:06 +0200
tags 840889 +pending
thanks

Dear maintainer,

I have prepared an NMU (versioned as 20161011-1.1) and
uploaded to DELAYED/10.

Please feel free to tell me if I should delay it longer, cancel
or reschedule. Diff is attached.

Best regards

Anton
[nmu.diff (text/plain, attachment)]

Added tag(s) pending. Request was from Anton Gladky <gladk@debian.org> to control@bugs.debian.org. (Sat, 15 Oct 2016 19:21:08 GMT)


Marked as found in versions libiberty/20141014-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 16 Oct 2016 05:45:03 GMT)


Reply sent to Matthias Klose <doko@debian.org>:
You have taken responsibility. (Mon, 17 Oct 2016 10:33:07 GMT)


Notification sent to gladk@debian.org:
Bug acknowledged by developer. (Mon, 17 Oct 2016 10:33:07 GMT)


Message #19 received at 840889-close@bugs.debian.org:

From: Matthias Klose <doko@debian.org>
To: 840889-close@bugs.debian.org
Subject: Bug#840889: fixed in libiberty 20161017-1
Date: Mon, 17 Oct 2016 10:28:57 +0000
Source: libiberty
Source-Version: 20161017-1

We believe that the bug you reported is fixed in the latest version of
libiberty, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 840889@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated libiberty package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 17 Oct 2016 11:37:08 +0200
Source: libiberty
Binary: libiberty-dev
Architecture: source
Version: 20161017-1
Distribution: unstable
Urgency: medium
Maintainer: Debian GCC Maintainers <debian-gcc@lists.debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
 libiberty-dev - library of utility functions used by GNU programs
Closes: 840889
Changes:
 libiberty (20161017-1) unstable; urgency=medium
 .
   * Update to 20161017 (CVE-2016-6131). Closes: #840889.
   * Don't apply "fixes" which are not yet accepted upstream.




Changed Bug title to 'libiberty: CVE-2016-6131' from 'CVE-2016-4491 and CVE-2016-6131 not fixed in libiberty_20161011-1'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 17 Oct 2016 17:45:05 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 05 Dec 2016 11:29:14 GMT)


Bug unarchived. Request was from Don Armstrong <don@debian.org> to control@bugs.debian.org. (Wed, 07 Dec 2016 02:00:58 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 28 Jan 2017 07:43:14 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:06:24 2019; Machine Name: buxtehude
