Your message dated Sat, 27 May 2017 13:34:09 +0000
with message-id <[email protected]>
and subject line Bug#859996: fixed in elfutils 0.168-1
has caused the Debian Bug report #859996,
regarding elfutils: CVE-2017-7607
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
859996: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859996
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: elfutils
Version: 0.168-0.2
Severity: important
Tags: upstream security
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=21299
Hi,
the following vulnerability was published for elfutils.
CVE-2017-7607[0]:
| The handle_gnu_hash function in readelf.c in elfutils 0.168 allows
| remote attackers to cause a denial of service (heap-based buffer
| over-read and application crash) via a crafted ELF file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-7607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7607
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=21299
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: elfutils
Source-Version: 0.168-1
We believe that the bug you reported is fixed in the latest version of
elfutils, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated elfutils package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 27 May 2017 15:05:37 +0200
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.168-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
elfutils - collection of utilities to handle ELF objects
libasm-dev - libasm development libraries and header files
libasm1 - library with a programmable assembler interface
libdw-dev - libdw1 development libraries and header files
libdw1 - library that provides access to the DWARF debug information
libelf-dev - libelf1 development libraries and header files
libelf1 - library to read and write ELF files
Closes: 859990 859991 859992 859993 859994 859995 859996
Changes:
elfutils (0.168-1) unstable; urgency=medium
.
* Fix CVE-2017-7607 (Closes: #859996)
* Fix CVE-2017-7608 (Closes: #859995)
* Fix CVE-2017-7609 (Closes: #859994)
* Fix CVE-2017-7610 (Closes: #859993)
* Fix CVE-2017-7611 (Closes: #859992)
* Fix CVE-2017-7612 (Closes: #859991)
* Fix CVE-2017-7613 (Closes: #859990)
Checksums-Sha1:
0867044ad2916bf3d5c2db274469562edc076de3 2549 elfutils_0.168-1.dsc
53e486ddba572cf872d32e9aad4d7d7aa6e767ff 6840399 elfutils_0.168.orig.tar.bz2
5326af61e2ecf811ef1ede808f9e788219295fc3 473 elfutils_0.168.orig.tar.bz2.asc
098c14df4c0f3fbc918ac06ffb27b5c07baa6055 39964 elfutils_0.168-1.debian.tar.xz
1c6bc5ab60ba56406ef1d3254129b6524bbb26b7 6099 elfutils_0.168-1_source.buildinfo
Checksums-Sha256:
b29e03a3d515d9accd52019ff7c75762ae5e61285453518ff90d538e9878ad7f 2549
elfutils_0.168-1.dsc
b88d07893ba1373c7dd69a7855974706d05377766568a7d9002706d5de72c276 6840399
elfutils_0.168.orig.tar.bz2
f455fc014b59a0d80ab921935d20f26e64f411a424d4be29ec5bf3a1378f3002 473
elfutils_0.168.orig.tar.bz2.asc
5517922b1025d32903759c46f9a1f656e3e367c5ea036dc54b32cbbe68a5f300 39964
elfutils_0.168-1.debian.tar.xz
93412aa60a3ce37d2d2d2210895dc243c3fd7f5ab1b82ba2e06ff78e84874736 6099
elfutils_0.168-1_source.buildinfo
Files:
0bff5a8b0f6ba938b660826f365ec8de 2549 libs optional elfutils_0.168-1.dsc
52adfa40758d0d39e5d5c57689bf38d6 6840399 libs optional
elfutils_0.168.orig.tar.bz2
7305e2dd0db220864ad7aa674d47c0e2 473 libs optional
elfutils_0.168.orig.tar.bz2.asc
76f927edf68a4d0e784f3e34fc8b54f6 39964 libs optional
elfutils_0.168-1.debian.tar.xz
26b392c9c05cb3c3f220dbc928f45466 6099 libs optional
elfutils_0.168-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlkpfqsACgkQ48TdzR5M
EkTbBA/8DV4POCFvCKMoTl5Xh3SZC2sHEvQhx/CPrRuljXz5TwAjqeJHTI1IVFqq
M6BnDRZmdMcSETKDchywRf148Va4acsqnBL1dYwgNM0jJD+stzWkpPjbax/0B134
ZVu2v8CShJGKlg134X8xN6ZONd/KO9eylHaYpbK3snyik9gMJVQ/QCNo1yM3hcwy
RfiIaY3P+drGGdnSaCiQTUZnxzy9AY1eOSduxMmyWfBdOsHju3krdsygmgYkqFC5
ENOqk08ObIMoalQtUufIm2ftPyhuC1GJnM92yApRv/giXsoqID+T6a4bC0ayXg9E
A0q/HEzvNnBKaW7WcwCbRNTMs76WTFPebvbH8AQOl24ybLNABgO6vgYA16lxU8dv
Ihfz9/ezeCHdn94pkOrXmqEY+CVjUonwBvStsBYEDBjSI7dSKCRP18XN3J5gd9PZ
ZRtYtjPDzE/DrYDIuK4n1m54vhq1ctqkdgCAfgSUVru9CCmYnMa5MwEjra+gefDo
/kzTWT9tTntk4uxNAw2YWVUVnrPu9TI/SOsEd1kUA3M0sZISdoZhA39m/LfSwqzb
Vr9Snar3/tzFsif2NLLHCrpk4EocppEa3u74dK0MMlWYaTPAS2FnereFsqPf7PBF
UyBZR+rOHDtR35KJ799iGHZccWQ8+dUwe4Jvwmti8g7Z3BM0oTA=
=TqKI
-----END PGP SIGNATURE-----
--- End Message ---