-
elfutils (0.158-0ubuntu5.3) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2016-10254.patch: Always set ELF maxsize when reading
an ELF file for sanity checks. Based on upstream patch.
- CVE-2016-10254
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2016-10255.patch: Sanity check offset and size before
trying to malloc and read data. Based on upstream patch.
- CVE-2016-10255
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7607-1.patch: Sanity check hash section contents
before processing. Based on upstream patch.
- debian/patches/CVE-2017-7607-2.patch: Fix off by one sanity check in
handle_gnu_hash. Based on upstream patch.
- CVE-2017-7607
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7608.patch: Use the empty string for note names
with zero size. Based on upstream patch.
- CVE-2017-7608
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7610.patch: Don't check section group without
flags word. Based on upstream patch.
- CVE-2017-7610
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7611.patch: Check symbol table data is big
enough before checking. Based on upstream patch.
- CVE-2017-7611
* SECURITY UPDATE: Denial of service via invalid memory read when handling
crafted ELF files
- debian/patches/CVE-2017-7612.patch: Don't trust sh_entsize when checking
hash sections. Based on upstream patch.
- CVE-2017-7612
* SECURITY UPDATE: Denial of service via memory consumption when handling
crafted ELF files
- debian/patches/CVE-2017-7613.patch: Sanity check the number of phdrs and
shdrs available. Based on upstream patch.
- CVE-2017-7613
-- Tyler Hicks <email address hidden> Wed, 17 May 2017 23:27:15 +0000
-
elfutils (0.158-0ubuntu5.2) trusty-security; urgency=medium
* SECURITY UPDATE: Directory traversal via crafted ar archive
- debian/patches/CVE-2014-9447.patch: Prevent root directory traversal
while extracting ar archives
- CVE-2014-9447
-- Tyler Hicks <email address hidden> Tue, 20 Jan 2015 15:22:53 -0600
-
elfutils (0.158-0ubuntu5.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service and possible code execution in libdw
via malicious ELF file
- debian/patches/CVE-2014-0172.patch: check for overflow in
libdw/dwarf_begin_elf.c.
- CVE-2014-0172
-- Marc Deslauriers <email address hidden> Tue, 15 Apr 2014 14:39:39 -0400
-
elfutils (0.158-0ubuntu5) trusty; urgency=medium
* debian/rules: force -O2 to work around build failure with -O3.
-- Adam Conrad <email address hidden> Mon, 17 Feb 2014 12:56:43 -0700
-
elfutils (0.158-0ubuntu4) trusty; urgency=medium
* Show test-suite log and logs of failing tests in case of failures.
-- Matthias Klose <email address hidden> Tue, 14 Jan 2014 09:50:09 +0100
-
elfutils (0.158-0ubuntu3) trusty; urgency=medium
* Ignore run-backtrace-native.sh and run-backtrace-dwarf.sh test failures
on powerpc and ppc64el. See LP #1268847.
-- Matthias Klose <email address hidden> Tue, 14 Jan 2014 07:27:16 +0100
-
elfutils (0.158-0ubuntu2) trusty; urgency=medium
* Fix test cases, when /proc/sys/kernel/core_uses_pid is set to 0.
-- Matthias Klose <email address hidden> Mon, 06 Jan 2014 19:55:50 +0100
-
elfutils (0.158-0ubuntu1) trusty; urgency=medium
* New upstream version, adding AArch64 support.
-- Matthias Klose <email address hidden> Mon, 06 Jan 2014 12:37:48 +0100
-
elfutils (0.157-1ubuntu1) saucy; urgency=low
* Don't run the testsuite on AArch64, native test are failing.
Requires a (not yet implemented) backend.
-- Matthias Klose <doko@18xx.org> Wed, 09 Oct 2013 10:35:10 +0200
