Your message dated Sun, 25 Sep 2016 19:21:09 +0000
with message-id <[email protected]>
and subject line Bug#838756: fixed in dwarfutils 20160923-1
has caused the Debian Bug report #838756,
regarding dwarfutils: CVE-2016-7510
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
838756: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838756
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: dwarfutils
Version: 20160613-3
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/libdwarf/bugs/4/
Hi,
the following vulnerability was published for dwarfutils.
CVE-2016-7510[0]:
Out-of-Bounds read
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-7510
[1] https://sourceforge.net/p/libdwarf/bugs/4/
[2] https://www.prevanders.net/dwarfbug.html#DW201609-004
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: dwarfutils
Source-Version: 20160923-1
We believe that the bug you reported is fixed in the latest version of
dwarfutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabian Wolff <[email protected]> (supplier of updated dwarfutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 25 Sep 2016 17:05:31 +0200
Source: dwarfutils
Binary: dwarfdump libdwarf-dev libdwarf1
Architecture: source
Version: 20160923-1
Distribution: unstable
Urgency: medium
Maintainer: Fabian Wolff <[email protected]>
Changed-By: Fabian Wolff <[email protected]>
Closes: 838019 838756 838757
Description:
dwarfdump - utility to dump DWARF debug information from ELF objects
libdwarf1 - library to consume and produce DWARF debug information (runtime)
libdwarf-dev - library to consume and produce DWARF debug information
Changes:
dwarfutils (20160923-1) unstable; urgency=medium
.
* New upstream release.
- Fixes CVE-2016-7410 (Closes: #838019).
- Fixes CVE-2016-7510 (Closes: #838756).
- Fixes CVE-2016-7511 (Closes: #838757).
* Update patch 01-fix-makefile.patch.
* Remove patch 02-reproducibility.patch (fixed upstream).
* Update symbols file.
Checksums-Sha1:
9fa69e3efa43a8ace21bdc8b116cfaa8c5433106 2075 dwarfutils_20160923-1.dsc
fce13003ed4ae5ed73f5b13f3f8973d02a9e090d 1721186
dwarfutils_20160923.orig.tar.gz
7fde79bedc2e309f39988ea6d257e9a6751a7fb6 10120
dwarfutils_20160923-1.debian.tar.xz
Checksums-Sha256:
e4be3377c5180291e285c3f6816ce28caa55b0a023c393adff38a1b265925fcb 2075
dwarfutils_20160923-1.dsc
539125a75aeaa7d4d5f34055cb49f65eeb636607527728d0a36f54a6039d203c 1721186
dwarfutils_20160923.orig.tar.gz
45977490174c6c0bb24ca61e45ca8ee191faf84fa481087f4f0a54274f8fee02 10120
dwarfutils_20160923-1.debian.tar.xz
Files:
0125a56462cc2fe5886bda46f66ecf70 2075 libs optional dwarfutils_20160923-1.dsc
4818ffb3f682e6ade023458a4f43e760 1721186 libs optional
dwarfutils_20160923.orig.tar.gz
3c0e08f3d51d3593c839290ee1a7afa9 10120 libs optional
dwarfutils_20160923-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJX6B+DAAoJEBXgmvTfUYLIWSUP/iMWcGjEt4xj8NIievd/7Nv5
BmIs3f2RhEj+Q6DuAY44yC6fXhNc/SZZrwrUleJSABnKmy22vfLEvcYqYZH8JbCT
5nF9lHlo1zmZGYRlkWamNqSY7dL1BsSRr6WRyLmDRpZ8v5qRUpOkGbZC6ryYTLRk
4bJjtar+wulID57AuuuwpZWlBBnDd/RsRz/BhBTu7213ckv0Rln/U/NNE/sWIjoz
aEXL8b1m1wdYHOTWEBg6ap4DHgq1YEVZnxguAztfBqy7Rl4x53C0tUoMxT80N70G
ropO+j/LJgG5b7WIj6NoGIcfBZo0srNZDRlqQmJ2cEysiKqDgIau7v6LHI7em1Su
GIbL9AiV7DALjL9BpXQrSbTy0CpA21HjkqDqMxSyrpgYOxMNXMCqkp9GUOOxvA96
0mEc5xVITTfq2WCIOG4RBl9cuyY69Bir4sPBm4SmtAFu/DMhinAg+euSAQssBY1R
vtaEJj+RMXWVaIibKzrLY5TChwup3RckPxhQxlWogpE+pzgLxkZnkpzzArNTRqkR
FJVhbyjFAsalRUxUNmxiJnsqM2hRb2qtPw8D3oc7FYu/FSRVwOTOsxUcuaDUZ3hs
IMJM6CgYFO8ebKS04Hyr6l7i9EuHHXv8Gd6NkDk0UW9IAitkZWqRwkvBBAA6Uw83
EVZReMrUI8lNFb025R8a
=heAE
-----END PGP SIGNATURE-----
--- End Message ---
