radare2 (1.6.0+dfsg-1) unstable; urgency=medium

  * New upstream release
    - Fix for CVE-2017-9520 (Closes: #864533)
      The r_config_set function in libr/config/config.c in radare2 1.5.0
      allows remote attackers to cause a denial of service (use-after-free
      and application crash) via a crafted DEX file.
    - Fix for CVE-2017-9949 (Closes: #866068)
      The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
      allows remote attackers to cause a denial of service (stack-based
      buffer underflow and application crash) or possibly have unspecified
      other impact via a crafted binary file, possibly related to a buffer
      underflow in fs/ext2.c in GNU GRUB 2.02.
    - Fix for CVE-2017-10929 (Closes: #867369)
      The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0
      allows remote attackers to cause a denial of service (heap-based buffer
      overflow and application crash) or possibly have unspecified other
      impact via a crafted binary file, possibly related to a read overflow
      in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB
      2.02.
  * Switch to Debian Standard Version 4.0.0

 -- Sebastian Reichel <email address hidden>  Thu, 13 Jul 2017 00:05:39 +0200

radare2 (1.1.0+dfsg-5) unstable; urgency=high

  * Add upstream patch to fix security bug
    - CVE-2017-7946 (Closes: #860962)
      The get_relocs_64 function in libr/bin/format/mach0/mach0.c in
      radare2 1.3.0 allows remote attackers to cause a denial of service
      (use-after-free and application crash) via a crafted Mach0 file.

 -- Sebastian Reichel <email address hidden>  Sun, 23 Apr 2017 23:20:16 +0200

radare2 (1.1.0+dfsg-3) unstable; urgency=high

  * Add upstream patches to fix security bugs
    - CVE-2017-6415 (Closes: #856572)
      The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2
      1.2.1 allows remote attackers to cause a denial of service (NULL
      pointer dereference and application crash) via a crafted DEX file.
    - CVE-2017-6387 (Closes: #856574)
      The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1
      allows remote attackers to cause a denial of service (out-of-bounds
      read and application crash) via a crafted DEX file.
    - CVE-2017-6319 (Closes: #856579)
      The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2
      1.2.1 allows remote attackers to cause a denial of service (buffer
      overflow and application crash) or possibly have unspecified other
      impact via a crafted DEX file.
  * Add small patch from Graham Inggs to fix FTBFS when
    linked with as-needed (Closes: #856329)

 -- Sebastian Reichel <email address hidden>  Fri, 03 Mar 2017 05:56:37 +0100