libiberty 20160215-1ubuntu0.3 source package in Ubuntu


libiberty (20160215-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: stack Exhaustion in C++ demangling
    - debian/patches/CVE-2018-9138.patch: limit recusion and add
      --no-recruse-limit option to tools that support name demangling.
    - debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
      testsuite by increasing the recursion limit to 2048.
    - CVE-2018-9138
    - CVE-2018-12641
    - CVE-2018-12697
    - CVE-2018-12698
    - CVE-2018-17794
    - CVE-2018-17985
    - CVE-2018-18484
    - CVE-2018-18700
    - CVE-2018-18701
  * SECURITY UPDATE: excessive memory consumption
    - debian/patches/CVE-2018-12934.patch: remove support for demangling
      GCC 2.x era mangling schemes.
    - CVE-2018-12934
    - CVE-2018-18483
  * SECURITY UPDATE: stack consumption and heap-based buffer over-read
    - debian/patches/CVE-2019-907x.patch: reject negative lengths and add
      recursion counter.
    - CVE-2019-9070
    - CVE-2019-9071
  * SECURITY UPDATE: integer overflow and heap-based buffer overflow
    - debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
    - CVE-2019-14250

 -- Marc Deslauriers <email address hidden>  Wed, 01 Apr 2020 11:39:51 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2020-04-01
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2020-04-08 main libdevel
Xenial security on 2020-04-08 main libdevel


File Size SHA-256 Checksum
libiberty_20160215.orig.tar.xz 1.0 MiB 0a1604df747a20f3c3a31bb44395aeb133a7bc6daf15c82a719b4833ad53af57
libiberty_20160215-1ubuntu0.3.debian.tar.xz 49.9 KiB a1d4d897f80829f72b0c4bb0dea26c24192e9eb00f5aa29e15d3b7291f059b04
libiberty_20160215-1ubuntu0.3.dsc 1.9 KiB dd6875b30a4236b91d6e61414a2deba468d1c807c96f101b02957343ee882ad1

View changes file

Binary packages built by this source

libiberty-dev: library of utility functions used by GNU programs

 The libib library is a collection of subroutines used by various
 GNU programs, which are missing or broken on some systems.
 This library shouldn't be used by other software, but unfortunately
 already is. There is no guaranty for a stable library API, and no
 shared library is provided.