libiberty 20170913-1ubuntu0.1 source package in Ubuntu


libiberty (20170913-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: stack Exhaustion in C++ demangling
    - debian/patches/CVE-2018-9138.patch: limit recusion and add
      --no-recruse-limit option to tools that support name demangling.
    - debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
      testsuite by increasing the recursion limit to 2048.
    - CVE-2018-9138
    - CVE-2018-12641
    - CVE-2018-12697
    - CVE-2018-12698
    - CVE-2018-17794
    - CVE-2018-17985
    - CVE-2018-18484
    - CVE-2018-18700
    - CVE-2018-18701
  * SECURITY UPDATE: excessive memory consumption
    - debian/patches/CVE-2018-12934.patch: remove support for demangling
      GCC 2.x era mangling schemes.
    - CVE-2018-12934
    - CVE-2018-18483
  * SECURITY UPDATE: stack consumption and heap-based buffer over-read
    - debian/patches/CVE-2019-907x.patch: reject negative lengths and add
      recursion counter.
    - CVE-2019-9070
    - CVE-2019-9071
  * SECURITY UPDATE: integer overflow and heap-based buffer overflow
    - debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
    - CVE-2019-14250

 -- Marc Deslauriers <email address hidden>  Wed, 01 Apr 2020 09:55:08 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2020-04-01
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2020-04-08 main libdevel
Bionic security on 2020-04-08 main libdevel


File Size SHA-256 Checksum
libiberty_20170913.orig.tar.xz 1.1 MiB 59339a8c62979bf9d9f8deebca4de8bfd6b28503df2de6171b95d57da2f0974b
libiberty_20170913-1ubuntu0.1.debian.tar.xz 42.7 KiB a81bc907e81b509570e0fdf753bf62a7df357395ea46baa8843b3606e7e2beef
libiberty_20170913-1ubuntu0.1.dsc 1.9 KiB ddd13dbbd2a6c9cca58b41961fe54f1b68b30856dc96fc0bdb0c56d77b6c6294

View changes file

Binary packages built by this source

libiberty-dev: library of utility functions used by GNU programs

 The libib library is a collection of subroutines used by various
 GNU programs, which are missing or broken on some systems.
 This library shouldn't be used by other software, but unfortunately
 already is. There is no guaranty for a stable library API, and no
 shared library is provided.