Your message dated Thu, 04 Jun 2026 14:34:08 +0000
with message-id <[email protected]>
and subject line Bug#1136830: fixed in radare2 6.1.6+ds-1
has caused the Debian Bug report #1136830,
regarding radare2: CVE-2026-8696
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1136830: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136830
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: radare2
Version: 6.0.7+ds-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/radareorg/radare2/issues/25836
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for radare2.

CVE-2026-8696[0]:
| radare2 6.1.5 contains a use-after-free vulnerability in the
| gdbr_pids_list() function within the GDB client core that allows
| remote attackers to cause a denial of service or potentially execute
| arbitrary code by sending malformed thread information responses.
| Attackers can trigger the vulnerability by causing qsThreadInfo to
| fail after qfThreadInfo successfully allocates RDebugPid structures,
| resulting in double-free memory corruption when the error path
| attempts to clean up the list.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-8696
    https://www.cve.org/CVERecord?id=CVE-2026-8696
[1] https://github.com/radareorg/radare2/issues/25836
[2] https://github.com/radareorg/radare2/commit/c213ad6894a1eb9086ac8bf5fae35757e9e1683c

Regards,
Salvatore

--- End Message ---
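
An added illustration, not radare2 code and not part of the report above, of the bug class the CVE text describes: an error path that releases list elements by hand while the list's own free callback releases them again. The names `Pid`, `PidList`, `pids_list` and the pool allocator are hypothetical, and because the cleanup code of gdbr_pids_list() is not shown on this page, the exact ownership mistake modelled here is an assumption.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, NOT radare2 source. A small pool stands in for the heap
 * so a second release of one object is counted instead of corrupting memory. */
#define MAX_PIDS 8
typedef struct { int pid; int live; } Pid;          /* stand-in for RDebugPid */
typedef struct {
    Pid *items[MAX_PIDS];
    size_t len;
    void (*free_item)(Pid *);                        /* the list owns its items */
} PidList;
static Pid pool[MAX_PIDS];
static int double_frees;

static Pid *pid_new(int pid) {
    for (size_t i = 0; i < MAX_PIDS; i++)
        if (!pool[i].live) { pool[i].pid = pid; pool[i].live = 1; return &pool[i]; }
    return NULL;
}

static void pid_free(Pid *p) {
    if (!p) return;
    if (!p->live) { double_frees++; return; }        /* already released once */
    p->live = 0;
}

static void list_free(PidList *l) {                  /* owner releases each item */
    for (size_t i = 0; i < l->len; i++) l->free_item(l->items[i]);
    l->len = 0;
}

/* Phase 1 (qfThreadInfo) succeeds and fills the list; phase 2 (qsThreadInfo)
 * fails unless next_ok. Returns the number of double frees on the way out. */
static int pids_list(int next_ok, int buggy_cleanup) {
    PidList l = { .len = 0, .free_item = pid_free };
    memset(pool, 0, sizeof pool);
    double_frees = 0;
    for (int pid = 100; pid < 103; pid++) l.items[l.len++] = pid_new(pid);
    if (!next_ok && buggy_cleanup)                   /* error path frees by hand */
        for (size_t i = 0; i < l.len; i++) pid_free(l.items[i]);
    list_free(&l);                  /* callback frees them (again, if buggy) */
    return double_frees;
}

int main(void) {
    printf("buggy error path: %d double frees\n", pids_list(0, 1));
    printf("fixed error path: %d double frees\n", pids_list(0, 0));
    return 0;
}
```

In this model the corrected error path leaves release to the single owner (the list's free callback); on a real heap, AddressSanitizer reports the buggy path as a double free.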
--- Begin Message ---
Source: radare2
Source-Version: 6.1.6+ds-1
Done: Alex Myczko <[email protected]>

We believe that the bug you reported is fixed in the latest version of
radare2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alex Myczko <[email protected]> (supplier of updated radare2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Thu, 04 Jun 2026 14:43:44 +0200
Source: radare2
Architecture: source
Version: 6.1.6+ds-1
Distribution: experimental
Urgency: medium
Maintainer: Debian Security Tools <[email protected]>
Changed-By: Alex Myczko <[email protected]>
Closes: 1136830 1136831
Changes:
 radare2 (6.1.6+ds-1) experimental; urgency=medium
 .
   * New upstream version.
     (Closes: #1136831) (CVE-2026-8695)
     (Closes: #1136830) (CVE-2026-8696)
   * d/clean: updated.
   * d/rules: updated.

--- End Message ---