Publishing details
Changelog
radare2 (1.6.0+dfsg-1) unstable; urgency=medium
* New upstream release
- Fix for CVE-2017-9520 (Closes: #864533)
The r_config_set function in libr/config/config.c in radare2 1.5.0
allows remote attackers to cause a denial of service (use-after-free
and application crash) via a crafted DEX file.
- Fix for CVE-2017-9949 (Closes: #866068)
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
allows remote attackers to cause a denial of service (stack-based
buffer underflow and application crash) or possibly have unspecified
other impact via a crafted binary file, possibly related to a buffer
underflow in fs/ext2.c in GNU GRUB 2.02.
- Fix for CVE-2017-10929 (Closes: #867369)
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
allows remote attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly have unspecified other
impact via a crafted binary file, possibly related to a read overflow
in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB
2.02.
* Switch to Debian Standard Version 4.0.0
-- Sebastian Reichel <email address hidden> Thu, 13 Jul 2017 00:05:39 +0200
Builds
Package files