Bug#790830: marked as done (libunwind: CVE-2015-3239: off-by-one in dwarf_to_unw_regnum())

[Debian Bug Tracking System]

Your message dated Sat, 25 Jul 2015 03:36:22 +0000
with message-id <e1ziqg6-0001gx...@franck.debian.org>
and subject line Bug#790830: fixed in libunwind 1.1-4
has caused the Debian Bug report #790830,
regarding libunwind: CVE-2015-3239: off-by-one in dwarf_to_unw_regnum()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
790830: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790830
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libunwind
Version: 0.99-0.3
Severity: normal
Tags: security upstream fixed-upstream

Hi,

the following vulnerability was published for libunwind.

CVE-2015-3239[0]:
off-by-one in dwarf_to_unw_regnum()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3239
[1] 
http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1232265

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: libunwind
Source-Version: 1.1-4

We believe that the bug you reported is fixed in the latest version of
libunwind, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 790...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daigo Moriwaki <da...@debian.org> (supplier of updated libunwind package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 04 Jul 2015 11:06:50 +0900
Source: libunwind
Binary: libunwind-dev libunwind8-dev libunwind8 libunwind8-dbg 
libunwind-setjmp0-dev libunwind-setjmp0 libunwind-setjmp0-dbg
Architecture: source amd64
Version: 1.1-4
Distribution: unstable
Urgency: medium
Maintainer: Daigo Moriwaki <da...@debian.org>
Changed-By: Daigo Moriwaki <da...@debian.org>
Description:
 libunwind-dev - library to determine the call-chain of a program - development
 libunwind-setjmp0 - libunwind-based non local goto - runtime
 libunwind-setjmp0-dbg - libunwind-based non local goto - runtime
 libunwind-setjmp0-dev - libunwind-based non local goto - development
 libunwind8 - library to determine the call-chain of a program - runtime
 libunwind8-dbg - library to determine the call-chain of a program - runtime
 libunwind8-dev - library to determine the call-chain of a program - development
Closes: 790830
Changes:
 libunwind (1.1-4) unstable; urgency=medium
 .
   * Fix off-by-one in dwarf_to_unw_regnum(), applying an upstream patch
     396b6c7ab737e2bff244d640601c436a26260ca1.
     (Closes: #790830) (CVE-2015-3239)
   * debian/control: Bump up Standards-Version to 3.9.6
Checksums-Sha1:
 aacb72eb434651e0bd8f3dde10911d6a7644e322 2899 libunwind_1.1-4.dsc
 e50cce7fedf85f045ff9efc260bafd8cdfe513e3 24108 libunwind_1.1-4.debian.tar.xz
 3ad29395b8131e364bd81a27fd3b82bb81ef8af4 373914 libunwind-dev_1.1-4_amd64.deb
 0370acf4b7a7ad3faffde52f75cdbe1308042f69 17164 
libunwind-setjmp0-dbg_1.1-4_amd64.deb
 06a2979eae1c3498f85523dbe309be2698c55528 18708 
libunwind-setjmp0-dev_1.1-4_amd64.deb
 e04873a69667a209a9226331800489af306a2708 10442 
libunwind-setjmp0_1.1-4_amd64.deb
 01af12786c530543b2f824b3e1db7c82ebb927a3 303486 libunwind8-dbg_1.1-4_amd64.deb
 380f718890fd818b44adae67521c59ba158bd0fc 7348 libunwind8-dev_1.1-4_amd64.deb
 b8b97c9ca6a1dbb0933e823b089d07a919aa635a 50806 libunwind8_1.1-4_amd64.deb
Checksums-Sha256:
 359932667cec4c61a39bd0e4cf6f6f7f1fbb4c76ce676ad3ad9d1717ad6a6ee1 2899 
libunwind_1.1-4.dsc
 d05e69a8a157ee6f2ed12ba304ac7b0b383db4ef4558d5b13e545ec61e472b74 24108 
libunwind_1.1-4.debian.tar.xz
 ba88c883d4c96ba2d667c7789a8e43f2c68c103b953cc64ed71f43a7a4bc5c1a 373914 
libunwind-dev_1.1-4_amd64.deb
 61b240b8117a6b33b787b355af1e5fa82938621aee73f6d328fc7e3e8a3fa59c 17164 
libunwind-setjmp0-dbg_1.1-4_amd64.deb
 e5c42f724a5cb5244ab630d7a82dc66493029b6627d5b135f84f0150e6e97e2d 18708 
libunwind-setjmp0-dev_1.1-4_amd64.deb
 92654ad27a5cccb5d3609852434c460ddc16ce3780730b31ec3f29ceb0fb3bc3 10442 
libunwind-setjmp0_1.1-4_amd64.deb
 fbf1f47b931c21a9c5b4ded54949eaaa704f13ecf5f74ef23544306aaf1c3a6d 303486 
libunwind8-dbg_1.1-4_amd64.deb
 695e3d5eb65e0b6b3369dcee3f12e04234c4eba245486980b2b271e9abf6a1af 7348 
libunwind8-dev_1.1-4_amd64.deb
 fd7621e379ddbb06ea44ee4033fbaef7941e5ddfd626aee7ae73e6619b5b7c8c 50806 
libunwind8_1.1-4_amd64.deb
Files:
 fbcdaf91c297ac2093ac7ed390e698b3 2899 libs optional libunwind_1.1-4.dsc
 26a1bc2425cef288bf63c6605d9d8255 24108 libs optional 
libunwind_1.1-4.debian.tar.xz
 1efac341ca0bd3158f2d48acb84fc7b5 373914 libdevel optional 
libunwind-dev_1.1-4_amd64.deb
 0730dc2d21fb206aa4b67df76f9c91c6 17164 debug extra 
libunwind-setjmp0-dbg_1.1-4_amd64.deb
 5f09204f706e012225082928cef9161a 18708 libdevel optional 
libunwind-setjmp0-dev_1.1-4_amd64.deb
 66152dabd1eed0cf3ab05f42e906a06a 10442 libs optional 
libunwind-setjmp0_1.1-4_amd64.deb
 5f798d9afc00e495ee8270acad9b889e 303486 debug extra 
libunwind8-dbg_1.1-4_amd64.deb
 a8503dd310560ba58608ce671c8c94a2 7348 libdevel optional 
libunwind8-dev_1.1-4_amd64.deb
 42cb4f8f82d6e8d8213fc67c21443403 50806 libs optional libunwind8_1.1-4_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVnq4eAAoJEAHLzEvyig0+CgMP/iQutJf3/SUFHDQmiLUCx8ia
lZ1oZyMZYgWsSLT335l98Atdq1JS4ieD5CLiN5LmHmZOL5SGWpJYXInsXfylKdz/
kUMg0VIpQnYFE6/WlvoHw6etPqb4fWsgINS1Zb54AucrzGTVPmzMrzHlB/5dxlKY
NyG8kbJxWoXapWd4x0bt5cYMUoKv7VogiVk8OsNiaKvZUjH4QQNT8VPCw6KO9uS2
gaD7X33XxzmGnOVOayLA4kfQJCX0FRYdAy/l85m/KuBM4pCh/ApTxGxoKLcQ++y2
Lqgp1VGK6rp0YO+JSUzBE/5W0sZIB4a75woh+8hJ9M21OSCMhFga4d2j0+Z/WCSM
sgPa0fSiU7/MhzmhpKhqlRkNMkA/bDS1ew0lMKr2Oth2rT1iWgFskrHhXeUYdzk9
vs3/tiS2AhdXKiBwWni6I/5lRfq95a5zjhx8rkO/UkO3y+mRiBCOn0jHdgQOwgn5
xO3VQ7vbfm3XCDD9k6JUSNgt4MHR/iTO7AgAtQ6eAQzVmlOvLrasCCUmKVeoPOHm
pf+A17/LymBgUbddqyy3H7SdXxHK32SL4FnEBlOxmrxlmyhGrxMj5oDoBscDgJjw
L9dzlthzd68pwBbY3lqixNO71Wsd/bskEbHMa4K/rK9oXnPT+v5fuWX6sX1tllGE
NxWOy67j4r/YWNc7JYb0
=S0pG
-----END PGP SIGNATURE-----

--- End Message ---