Your message dated Mon, 19 Nov 2018 21:35:34 +0000
with message-id <[email protected]>
and subject line Bug#907562: fixed in elfutils 0.175-1
has caused the Debian Bug report #907562,
regarding elfutils: CVE-2018-16062
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
907562: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907562
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: elfutils
Version: 0.170-0.5
Severity: normal
Tags: patch security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=23541
Control: found -1 0.168-1

Hi,

The following vulnerability was published for elfutils.

CVE-2018-16062[0]:
| dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before
| 2018-08-18 allows remote attackers to cause a denial of service
| (heap-based buffer over-read) via a crafted file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-16062
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=23541
[2] 
https://sourceware.org/git/?p=elfutils.git;a=commit;h=29e31978ba51c1051743a503ee325b5ebc03d7e9

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: elfutils
Source-Version: 0.175-1

We believe that the bug you reported is fixed in the latest version of
elfutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated elfutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 18 Nov 2018 23:01:23 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.175-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1    - library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1     - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1    - library to read and write ELF files
Closes: 907562 911083 911276 911413 911414
Changes:
 elfutils (0.175-1) unstable; urgency=medium
 .
   * New upstream release
     - Build with gcc-8 (Closes: #911276)
     - Drop fix-gcc7-ftbfs.diff
     - Drop GNU_variable_value.patch
     - Drop locviews.patch
     - Update patches
   * Fixes CVE-2018-18521 (Closes: #911413)
   * Fixes CVE-2018-18520 (Closes: #911414)
   * Fixes CVE-2018-18310 (Closes: #911083)
   * Fixes CVE-2018-16403
   * Fixes CVE-2018-16402
   * Fixes CVE-2018-16062 (Closes: #907562)
Checksums-Sha1:
 a68e892c7347f0fe49158e9818e57607cb38c7c5 2568 elfutils_0.175-1.dsc
 361f835640ecffddc6d4543fb044eb53f673026f 8786600 elfutils_0.175.orig.tar.bz2
 a15f78114cad1c7dbe41b2c5710105563b83c481 488 elfutils_0.175.orig.tar.bz2.asc
 28eab328d1e8d8df41b13d9567c9d707dd5901d3 37404 elfutils_0.175-1.debian.tar.xz
 57e40bb1e428465522056af1907d7078559fc83e 8034 elfutils_0.175-1_source.buildinfo
Checksums-Sha256:
 32e42db07fa6c55697db27fb049b327b8bcee95e326c8b64498671dc9f3851ba 2568 
elfutils_0.175-1.dsc
 f7ef925541ee32c6d15ae5cb27da5f119e01a5ccdbe9fe57bf836730d7b7a65b 8786600 
elfutils_0.175.orig.tar.bz2
 103ae1a12d0b67e2d783f36dc780acd533d5c2a9d6241bcd62cfe1f6fa891a16 488 
elfutils_0.175.orig.tar.bz2.asc
 0de2c3f311d388a1dada67e4e37a41bd18fcf715c2a7bcb869d75f0815c70f23 37404 
elfutils_0.175-1.debian.tar.xz
 dd88885c7a1153ee0bc3ede69fe22d30b9b939142f25f27dda99792fa8e3cc61 8034 
elfutils_0.175-1_source.buildinfo
Files:
 9b6749ac7b767a9df5861a5b13bacf6d 2568 libs optional elfutils_0.175-1.dsc
 9a02b0382b78cc2d515fb950275d4c02 8786600 libs optional 
elfutils_0.175.orig.tar.bz2
 54de34fe526466caf58f8dce879623b6 488 libs optional 
elfutils_0.175.orig.tar.bz2.asc
 c088129dfd51831d1ea2e664fac54eb8 37404 libs optional 
elfutils_0.175-1.debian.tar.xz
 d586e4cd298fec2e61a37ebf7bedfefd 8034 libs optional 
elfutils_0.175-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlvzKXgACgkQ48TdzR5M
EkQ0mhAAqvoR6fm5a4w67O57UO3j+PM2t+3Slt4qDsfmB2ochhuQ81J5MYO+7kO9
Jen2DB4LMYBW1z0pY7/xvS91EXfxkrJqjhhELFmds0+2g6uyJrvFJ3l+lmTRpvCW
ijRUa5/PssXT8gH4blEBDERPz8Sdr6A3cwzUD5vHTQxF9F12rnDa9ofFeuyaFUW+
rxnubsksysSY7rJ91GG1JLAB9/n/DI2PgQyNwVJ6fT87oJuS6pN70JV7RJOodvRq
fYggTl1RWiuD6wAPlXmspDox4esGw5aYdgvwRR2AEO2wODxCkoMAltlUU0fPW7X7
TWDK23zVci1wtj9blquX3DUPu+L/E6tHV7p8t/HG0xpqfysTXgORkqV511DOJM8D
y3gkAh+jK2P2C88lrgWoLvDOQyfo/V81zbge82/wQzA9LAEbYojlDv7Jqx6YPqzz
nGac1sPvrR7tYrMDXH1CFBgtkpj+8SaHc39FAmP+wi8bg20wxjjRv5Tul9ffe34V
vVvoNjr+dJ5tpC1KPBH3kfDNU+gLocNK5rw00Hifm9ub3EKPT6pYZUSUpRRfDw3C
0ZuIuVAh+OhIhuvHOs/roWco0i8+Db3Sj/VnFbLvZeSgHerOqqvE08KNY1T0OD1k
uB88KJg7VFigV65sKwbGSQ78CCFhtlX++wg+G96+GXA6cGxe8+U=
=Dwb4
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to