Your message dated Fri, 21 Oct 2016 10:23:33 +0000
with message-id <[email protected]>
and subject line Bug#840961: fixed in dwarfutils 20161001-2
has caused the Debian Bug report #840961,
regarding dwarfutils: CVE-2016-8681: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
840961: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840961
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dwarfutils
Version: 20161001-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for dwarfutils.

CVE-2016-8681[0]:
dwarf_util.c: heap-based buffer overflow in _dwarf_get_abbrev_for_code second one

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-8681

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: dwarfutils
Source-Version: 20161001-2

We believe that the bug you reported is fixed in the latest version of
dwarfutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fabian Wolff <[email protected]> (supplier of updated dwarfutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Oct 2016 22:33:00 +0200
Source: dwarfutils
Binary: dwarfdump libdwarf-dev libdwarf1
Architecture: source
Version: 20161001-2
Distribution: unstable
Urgency: medium
Maintainer: Fabian Wolff <[email protected]>
Changed-By: Fabian Wolff <[email protected]>
Closes: 840958 840960 840961
Description: 
 dwarfdump  - utility to dump DWARF debug information from ELF objects
 libdwarf1  - library to consume and produce DWARF debug information (runtime)
 libdwarf-dev - library to consume and produce DWARF debug information
Changes:
 dwarfutils (20161001-2) unstable; urgency=medium
 .
   * Add patch 02-CVE-2016-8680.patch to fix CVE-2016-8680 (Closes: #840960).
   * Add patch 03-CVE-2016-8679.patch to fix both CVE-2016-8679 and
     CVE-2016-8681 (the same fix applies to both issues)
     (Closes: #840958, #840961).


--- End Message ---
