Accepted elfutils 0.168-1+deb9u1 (source) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 30 Oct 2021 14:54:50 +0300
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.168-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Kurt Roeckx <kurt@roeckx.be>
Changed-By: Adrian Bunk <bunk@debian.org>
Description:
elfutils - collection of utilities to handle ELF objects
libasm-dev - libasm development libraries and header files
libasm1 - library with a programmable assembler interface
libdw-dev - libdw1 development libraries and header files
libdw1 - library that provides access to the DWARF debug information
libelf-dev - libelf1 development libraries and header files
libelf1 - library to read and write ELF files
Changes:
elfutils (0.168-1+deb9u1) stretch-security; urgency=medium
.
* Non-maintainer upload by the LTS team.
* CVE-2018-16062: dwarf_getaranges in dwarf_getaranges.c in libdw
allowed a denial of service (heap-based buffer over-read) via a
crafted file.
* CVE-2018-16402: libelf/elf_end.c in allowed to cause a denial of
service (double free and application crash) because it tried to
decompress twice.
* CVE-2018-18310: An invalid memory address dereference libdwfl
allowed a denial of service (application crash) via a crafted file.
* CVE-2018-18520: A use-after-free in recursive ELF ar files
allowed a denial of service (application crash) via a crafted file.
* CVE-2018-18521: A divide-by-zero in arlib_add_symbols()
allowed a denial of service (application crash) via a crafted file.
* CVE-2019-7150: A segmentation fault could occur due to
dwfl_segment_report_module() not checking whether the dyn data read
from a core file is truncated.
* CVE-2019-7665: NT_PLATFORM core notes contain a zero terminated string
allowed a denial of service (application crash) via a crafted file.
Checksums-Sha1:
e1c1b1d1f6dbf600135f01de71bf2ee9c1c45fdd 2577 elfutils_0.168-1+deb9u1.dsc
53e486ddba572cf872d32e9aad4d7d7aa6e767ff 6840399 elfutils_0.168.orig.tar.bz2
5326af61e2ecf811ef1ede808f9e788219295fc3 473 elfutils_0.168.orig.tar.bz2.asc
b081223558e85655a95da2c5ba441c55b7cfe627 43980 elfutils_0.168-1+deb9u1.debian.tar.xz
Checksums-Sha256:
5336e12c7d182d15d822804858eaceba84a3eb4c4f70238d7930f43cff8dc8cb 2577 elfutils_0.168-1+deb9u1.dsc
b88d07893ba1373c7dd69a7855974706d05377766568a7d9002706d5de72c276 6840399 elfutils_0.168.orig.tar.bz2
f455fc014b59a0d80ab921935d20f26e64f411a424d4be29ec5bf3a1378f3002 473 elfutils_0.168.orig.tar.bz2.asc
e41f9b7b8843d2a8d67ee3cd90bf12d4349aa96e0bbc3e6c2b49be9fab773bea 43980 elfutils_0.168-1+deb9u1.debian.tar.xz
Files:
7f455f34cab32ec30e44db0dfce33535 2577 libs optional elfutils_0.168-1+deb9u1.dsc
52adfa40758d0d39e5d5c57689bf38d6 6840399 libs optional elfutils_0.168.orig.tar.bz2
7305e2dd0db220864ad7aa674d47c0e2 473 libs optional elfutils_0.168.orig.tar.bz2.asc
d72ee47eeb2fa98ef3959df766ff7bb6 43980 libs optional elfutils_0.168-1+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmF9p1oACgkQiNJCh6LY
mLHXlhAArxGvy0x8fxAQlbZmGDCBWW3mFJBegnxLuUKPjqhudv1rp+5VlCV6SjrY
Seeuacp7ZWVt5caHTHXkIqG+IxYjMMpKP+8pKko/FPB0zxY0VAnaecy1vnG/h2kH
ovjS749xyADNcoG6XBRHKDY/iKfZpgIuE2o8O/oONCtCmNLHyFixdMosXtpQrnMj
GfyoGukXivS04h6EqXxosQRAP2jRBN8WCmp9uNX3M7XfUyXEfm1YAZ5V+dULDyJg
cCizlwq/16S7IlLzFe2QBxYIjiVJrhXaZ+Ghs7e5J+3pUJn5CSBn1+OnnIKVYSj2
+cSzRzPSE/wE0bFHp17W8Pmm0F8TWyAypUNR70xwCJyWTW77U5ghOKg0XkBL3cjo
5Dg78sxDWh8d9X+1r3ngZe9U3RfaybW0xSjwoRYHi1QL429MjljqyYqtIlXIKuHZ
/j4woEnHADNwAtFwnxvBlCqA259WgQn59U6/NjDXIKoYLIg8yuelgG45mWGz6UaD
dgJRP1yMQYzN5vpIfFSnd9g00nKnVMI68YgHUixI/yqqJc/VzMKzH04whAOvxyyJ
2RAkB1sWVOcU2H3p7OxwGoAyAKlz7KXxYDZT3QuNOMnLioEhBWkM0FZxbzyUNhrm
ztp1acEFI3C+0DO5QLx6NUOwffXq77KV3V/xYYGE/RxgYEOxiLc=
=+xdS
-----END PGP SIGNATURE-----