Your message dated Sat, 16 Feb 2019 14:47:53 +0000
with message-id <[email protected]>
and subject line Bug#920911: fixed in elfutils 0.176-1
has caused the Debian Bug report #920911,
regarding elfutils: CVE-2019-7146
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
920911: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920911
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: elfutils
Version: 0.175-2
Severity: normal
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=24075

Hi,

The following vulnerability was published for elfutils.

CVE-2019-7146[0]:
| In elfutils 0.175, there is a buffer over-read in the ebl_object_note
| function in eblobjnote.c in libebl. Remote attackers could leverage
| this vulnerability to cause a denial-of-service via a crafted elf file,
| as demonstrated by eu-readelf.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-7146
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7146
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=24075

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: elfutils
Source-Version: 0.176-1

We believe that the bug you reported is fixed in the latest version of
elfutils, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated elfutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 16 Feb 2019 14:54:50 +0100
Source: elfutils
Binary: elfutils libelf1 libelf-dev libdw-dev libdw1 libasm1 libasm-dev
Architecture: source
Version: 0.176-1
Distribution: unstable
Urgency: medium
Maintainer: Kurt Roeckx <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
 elfutils   - collection of utilities to handle ELF objects
 libasm-dev - libasm development libraries and header files
 libasm1    - library with a programmable assembler interface
 libdw-dev  - libdw1 development libraries and header files
 libdw1     - library that provides access to the DWARF debug information
 libelf-dev - libelf1 development libraries and header files
 libelf1    - library to read and write ELF files
Closes: 920909 920910 920911 921880 921881
Changes:
 elfutils (0.176-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2019-7150 (Closes: #920909)
     - Fixes CVE-2019-7149 (Closes: #920910)
     - Fixes CVE-2019-7146 (Closes: #920911)
     - Fixes CVE-2019-7665 (Closes: #921880)
     - Fixes CVE-2019-7664 (Closes: #921881)
     - Fixes CVE-2019-7148
     - Drop 0001-tests-Call-test_cleanup-in-backtrace-subr.sh-check_u.patch,
       applied upstream.
   * Update upstream PGP key to new one

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
