Ubuntu
radare2 package

Change logs for radare2 source package in Artful

  1. Artful (17.10)
  2. Change log 
  • radare2 (1.6.0+dfsg-1) unstable; urgency=medium

  * New upstream release
   - Fix for CVE-2017-9520 (Closes: #864533)
     The r_config_set function in libr/config/config.c in radare2 1.5.0
     allows remote attackers to cause a denial of service (use-after-free
     and application crash) via a crafted DEX file.
   - Fix for CVE-2017-9949 (Closes: #866068)
     The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
     allows remote attackers to cause a denial of service (stack-based
     buffer underflow and application crash) or possibly have unspecified
     other impact via a crafted binary file, possibly related to a buffer
     underflow in fs/ext2.c in GNU GRUB 2.02.
   - Fix for CVE-2017-10929 (Closes: #867369)
     The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
     allows remote attackers to cause a denial of service (heap-based buffer
     overflow and application crash) or possibly have unspecified other
     impact via a crafted binary file, possibly related to a read overflow
     in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB
     2.02.
  * Switch to Debian Standard Version 4.0.0

 -- Sebastian Reichel <email address hidden>  Thu, 13 Jul 2017 00:05:39 +0200
  • radare2 (1.1.0+dfsg-5) unstable; urgency=high

  * Add upstream patch to fix security bug
    - CVE-2017-7946 (Closes: #860962)
      The get_relocs_64 function in libr/bin/format/mach0/mach0.c in
      radare2 1.3.0 allows remote attackers to cause a denial of service
      (use-after-free and application crash) via a crafted Mach0 file.

 -- Sebastian Reichel <email address hidden>  Sun, 23 Apr 2017 23:20:16 +0200
  • radare2 (1.1.0+dfsg-3) unstable; urgency=high

  * Add upstream patches to fix security bugs
    - CVE-2017-6415 (Closes: #856572)
      The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2
      1.2.1 allows remote attackers to cause a denial of service (NULL
      pointer dereference and application crash) via a crafted DEX file.
    - CVE-2017-6387 (Closes: #856574)
      The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1
      allows remote attackers to cause a denial of service (out-of-bounds
      read and application crash) via a crafted DEX file.
    - CVE-2017-6319 (Closes: #856579)
      The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2
      1.2.1 allows remote attackers to cause a denial of service (buffer
      overflow and application crash) or possibly have unspecified other
      impact via a crafted DEX file.
  * Add small patch from Graham Inggs to fix FTBFS when
    linked with as-needed (Closes: #856329)

 -- Sebastian Reichel <email address hidden>  Fri, 03 Mar 2017 05:56:37 +0100