Bug#311975: marked as done (binutils: buffer overflow)

[Debian Bug Tracking System]

Your message dated Sun, 04 Sep 2005 20:02:10 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#311975: fixed in binutils 2.16.1cvs20050902-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Jun 2005 15:04:19 +0000
>From [EMAIL PROTECTED] Sat Jun 04 08:04:19 2005
Return-path: <[EMAIL PROTECTED]>
Received: from smtp2.wanadoo.fr [193.252.22.29] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DeaCB-0005Ya-00; Sat, 04 Jun 2005 08:04:19 -0700
Received: from me-wanadoo.net (localhost [127.0.0.1])
        by mwinf0209.wanadoo.fr (SMTP Server) with ESMTP id 209FC1C00217
        for <[EMAIL PROTECTED]>; Sat,  4 Jun 2005 17:03:48 +0200 (CEST)
Received: from argos.server.maison 
(AToulouse-152-1-34-11.w82-125.abo.wanadoo.fr [82.125.144.11])
        by mwinf0209.wanadoo.fr (SMTP Server) with ESMTP id E3A0A1C00210;
        Sat,  4 Jun 2005 17:03:47 +0200 (CEST)
X-ME-UUID: [EMAIL PROTECTED]
Received: from prahal by argos.server.maison with local (Exim 4.50)
        id 1DeaBl-0006BQ-0q; Sat, 04 Jun 2005 17:03:53 +0200
Date: Sat, 4 Jun 2005 17:03:53 +0200
From: [EMAIL PROTECTED]
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: binutils: buffer overflow
Message-ID: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Reportbug-Version: 3.12
Sender: [EMAIL PROTECTED]
User-Agent: Mutt/1.5.9i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.4 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        NO_REAL_NAME autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: binutils
Version: 2.16-0
Severity: normal

gentoo submitted a security advisory for binutils and elfutils:
http://www.securityfocus.com/bid/13830/info
http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml

details and examples that crash binutils tools : nm, objdump,
strings (i have been unable to reproduce with the supposed other
affexted tools cited):
http://bugs.gentoo.org/show_bug.cgi?id=91398

nm ./a.out
Segmentation Fault

(...)

most patches are in this report:
http://bugs.gentoo.org/show_bug.cgi?id=91817


The latest binutils patch was also about bfd though it looks like
it did not fixed this issue or not all of the failures.
If i am wrong and this is already fixed please close the report
(i saw the issue was discussed on the binutils ML, redhat, suse
and gentoo so probabilites are high this was the previous patch
applied to debian binutils ... though i cannot tell and it looks
like securityfocus cannot either).


Regards
Alban


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc5usb-serial
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages binutils depends on:
ii  libc6                         2.3.5-1    GNU C Library: Shared libraries an

-- no debconf information


---------------------------------------
Received: (at 311975-close) by bugs.debian.org; 5 Sep 2005 03:08:25 +0000
>From [EMAIL PROTECTED] Sun Sep 04 20:08:25 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EC7FK-0001We-00; Sun, 04 Sep 2005 20:02:10 -0700
From: James Troup <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#311975: fixed in binutils 2.16.1cvs20050902-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 04 Sep 2005 20:02:10 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Source: binutils
Source-Version: 2.16.1cvs20050902-1

We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive:

binutils-dev_2.16.1cvs20050902-1_i386.deb
  to pool/main/b/binutils/binutils-dev_2.16.1cvs20050902-1_i386.deb
binutils-doc_2.16.1cvs20050902-1_all.deb
  to pool/main/b/binutils/binutils-doc_2.16.1cvs20050902-1_all.deb
binutils-multiarch_2.16.1cvs20050902-1_i386.deb
  to pool/main/b/binutils/binutils-multiarch_2.16.1cvs20050902-1_i386.deb
binutils_2.16.1cvs20050902-1.diff.gz
  to pool/main/b/binutils/binutils_2.16.1cvs20050902-1.diff.gz
binutils_2.16.1cvs20050902-1.dsc
  to pool/main/b/binutils/binutils_2.16.1cvs20050902-1.dsc
binutils_2.16.1cvs20050902-1_i386.deb
  to pool/main/b/binutils/binutils_2.16.1cvs20050902-1_i386.deb
binutils_2.16.1cvs20050902.orig.tar.gz
  to pool/main/b/binutils/binutils_2.16.1cvs20050902.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Troup <[EMAIL PROTECTED]> (supplier of updated binutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  3 Sep 2005 00:30:56 +0100
Source: binutils
Binary: binutils-dev binutils-hppa64 binutils-multiarch binutils binutils-doc
Architecture: source i386 all
Version: 2.16.1cvs20050902-1
Distribution: unstable
Urgency: low
Maintainer: James Troup <[EMAIL PROTECTED]>
Changed-By: James Troup <[EMAIL PROTECTED]>
Description: 
 binutils   - The GNU assembler, linker and binary utilities
 binutils-dev - The GNU binary utilities (BFD development files)
 binutils-doc - Documentation for the GNU assembler, linker and binary utilities
 binutils-multiarch - Binary utilities that support multi-arch targets
Closes: 311975 320697
Changes: 
 binutils (2.16.1cvs20050902-1) unstable; urgency=low
 .
   * New upstream CVS snapshot.
    * Fixes --as-needed on sparc and hppa.  Closes: #320697
    * Fixes buffer overflows and other crashes.  Closes: #311975
 .
   * 124_readelf_robustify.dpatch: merged upstream - removed.
   * 001_ld_makefile_patch: regenerated with help of wiggle.
 .
   * debian/*.shlibs: update to version 2.16.91.
 .
   * debian/copyright: use canonical GNU URL.  Update copyright years.
   * debian/rules: update version and copyright.
 .
   * debian/rules (pre-build): not relevant with a CVS snapshot which
     doesn't have pre-generated info files - removed.
   * debian/rules (clean): don't save info files for the same reason, in
     fact explicitly remove them.
   * debian/rules (build_stamps): drop pre-build.
Files: 
 5b8ee3723d2e2984d9cd22eb47f11f7e 1506 devel standard 
binutils_2.16.1cvs20050902-1.dsc
 67ad2ccf07d2393f61f0c53ce7436906 15610618 devel standard 
binutils_2.16.1cvs20050902.orig.tar.gz
 b0b998f42bfb1e7d109745810db17dbc 34096 devel standard 
binutils_2.16.1cvs20050902-1.diff.gz
 58b28add0c3489fc9b66b476b6e26ada 459948 doc optional 
binutils-doc_2.16.1cvs20050902-1_all.deb
 9fbd1fd297371bd76148cb6ae41ce9c9 2527814 devel standard 
binutils_2.16.1cvs20050902-1_i386.deb
 64c7178f3643d8068815f7b58c787ff4 2372374 devel extra 
binutils-dev_2.16.1cvs20050902-1_i386.deb
 690cbdf76a2c214601058fb540c837b2 7059000 devel extra 
binutils-multiarch_2.16.1cvs20050902-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iQIVAwUBQxuscNfD8TGrKpH1AQIwVxAAhAzVVL5AdfL4iBajBnLevOmckpTpKMbk
8N3tTSiqBSllK/HbmF7msMUqMgDtWwq1a0eUFwqoDOgvK/b0OX2SpxAmbF/qWUxf
0x21cgFoWgVLBSZiEuPHzUmX+BGuncvSUnqGqXi+KvnG8HaJFLjQ8eNXdp5PV9lU
eaiOqwqOaI/6Nz39/ArAxCWkw5BqF0pM9JfxFaOYskjx5yyrK96zzTr9c2wi60lz
2HH0rza1L4hSMbuxeJ6vVr+vCEK4c+6479ckYW7fak8ZP6CCCkVUGBfzT1x5vedi
sgoXTfdO7hle4fk+CNzq1ySj2ziKpXl8kg4PopPfjNzhB/JYqermGSb2LA0N3TVn
8V2Bh/jn4PDJJ3wrTP1hws22e6Qim5aYelDtWiyy5LdVXCMmaT+Tbnv7Fxfrdcva
L2ZOLmxYxCGt/RmE7XTAweGUWLggc6cPollEeFdAIvziCUcfFw6CDcDcZjrCT1AR
+vt5IM1iz/lLpqQgAn406ax8yY0OD8gIVQoQglneMLuFyyAPzKDYHm7V44NJGe11
MjnnaNT4RzX/Q4JGXQQtdCpWOqiH631TssYgE7hwS1rTHwmc39kbOEDfOTKPGRw+
YMNXJkJNh2IosoBQgZN1YUFKGN+lOPC9wGDHMzP3/wM2a1/H8YnQv3xtQoC3sB0y
sfIbjOASZ00=
=nmB7
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]