valgrind 1:3.11.0-1ubuntu4.2 source package in Ubuntu

Changelog

valgrind (1:3.11.0-1ubuntu4.2) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in string_appends
    - debian/patches/CVE-2016-2226.patch: check for overflow in
      coregrind/m_demangle/cplus-dem.c, add xmalloc_failed and xmemdup to
      coregrind/m_demangle/vg_libciface.h.
    - CVE-2016-2226
  * SECURITY UPDATE: use-after-free vulnerabilities
    - debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
      coregrind/m_demangle/cplus-dem.c.
    - CVE-2016-4487
    - CVE-2016-4488
  * SECURITY UPDATE: integer overflow in gnu_special
    - debian/patches/CVE-2016-4489.patch: handle case where consume_count
      returns -1 in coregrind/m_demangle/cplus-dem.c.
    - CVE-2016-4489
  * SECURITY UPDATE: integer overflow after sanity checks
    - debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
      of long in coregrind/m_demangle/cp-demangle.c.
    - CVE-2016-4490
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-4491.patch: limit recursion in
      coregrind/m_demangle/cp-demangle.c, coregrind/m_demangle/demangle.h.
    - CVE-2016-4491
  * SECURITY UPDATE: buffer overflow in do_type
    - debian/patches/CVE-2016-4492_4493.patch: properly handle large values
      and overflow in coregrind/m_demangle/cplus-dem.c.
    - CVE-2016-4492
    - CVE-2016-4493
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
      coregrind/m_demangle/cplus-dem.c, add XDUPVEC to
      coregrind/m_demangle/vg_libciface.h.
    - CVE-2016-6131

 -- Marc Deslauriers <email address hidden>  Wed, 07 Jun 2017 15:24:31 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2017-06-07
Uploaded to:
Xenial
Original maintainer:
Ubuntu Developers
Architectures:
amd64 arm64 armhf i386 mips mipsel mips64 mips64el powerpc ppc64 ppc64el s390x x32
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Xenial updates on 2017-06-21 main devel
Xenial security on 2017-06-21 main devel

Downloads

File Size SHA-256 Checksum
valgrind_3.11.0.orig.tar.bz2 11.4 MiB 6c396271a8c1ddd5a6fb9abe714ea1e8a86fce85b30ab26b4266aeb4c2413b42
valgrind_3.11.0-1ubuntu4.2.debian.tar.xz 44.8 KiB b9812580da0f91508544154f4c682401c9ee15f2831ade3de5889aed8d790a02
valgrind_3.11.0-1ubuntu4.2.dsc 2.4 KiB 11e0318ada1adcc5e30187f2fbf8cd651a20c3644b8d45ddf2f6abca040f41f6

View changes file

Binary packages built by this source

valgrind: instrumentation framework for building dynamic analysis tools

 Valgrind is a system for debugging and profiling Linux programs. With its tool
 suite you can automatically detect many memory management and threading bugs,
 avoiding hours of frustrating bug-hunting and making your programs more stable.
 You can also perform detailed profiling to help speed up your programs and use
 Valgrind to build new tools.
 .
 The Valgrind distribution currently includes six production-quality tools:
  * a memory error detector (Memcheck)
  * two thread error detectors (Helgrind and DRD)
  * a cache and branch-prediction profiler (Cachegrind)
  * a call-graph generating cache and branch-prediction profiler (Callgrind)
  * a heap profiler (Massif)
 It also includes three experimental tools:
  * a stack/global array overrun detector (SGCheck)
  * a second heap profiler that examines how heap blocks are used (DHAT)
  * a SimPoint basic block vector generator (BBV)

valgrind-dbg: instrumentation framework for building dynamic analysis tools (debug)

 Valgrind is a system for debugging and profiling Linux programs. With its tool
 suite you can automatically detect many memory management and threading bugs,
 avoiding hours of frustrating bug-hunting and making your programs more stable.
 You can also perform detailed profiling to help speed up your programs and use
 Valgrind to build new tools.
 .
 This package provides the debug symbols for valgrind's tools and libraries.

valgrind-dbgsym: debug symbols for package valgrind

 Valgrind is a system for debugging and profiling Linux programs. With its tool
 suite you can automatically detect many memory management and threading bugs,
 avoiding hours of frustrating bug-hunting and making your programs more stable.
 You can also perform detailed profiling to help speed up your programs and use
 Valgrind to build new tools.
 .
 The Valgrind distribution currently includes six production-quality tools:
  * a memory error detector (Memcheck)
  * two thread error detectors (Helgrind and DRD)
  * a cache and branch-prediction profiler (Cachegrind)
  * a call-graph generating cache and branch-prediction profiler (Callgrind)
  * a heap profiler (Massif)
 It also includes three experimental tools:
  * a stack/global array overrun detector (SGCheck)
  * a second heap profiler that examines how heap blocks are used (DHAT)
  * a SimPoint basic block vector generator (BBV)