diff -Nru binutils-2.30/debian/changelog binutils-2.30/debian/changelog
--- binutils-2.30/debian/changelog 2023-09-19 02:48:49.000000000 +0000
+++ binutils-2.30/debian/changelog 2023-10-20 16:11:49.000000000 +0000
@@ -1,9 +1,41 @@
-binutils (2.30-21ubuntu1~16.04.9sav1) xenial; urgency=medium
+binutils (2.30-21ubuntu1~16.04.9sav2) xenial; urgency=medium
 
 * Backport to Xenial
 * d/control{,.in}: Remove all nocheck BDs (unavailable GCC cross-arch)
 
- -- Rob Savoury Mon, 18 Sep 2023 19:48:49 -0700
+ -- Rob Savoury Fri, 20 Oct 2023 09:11:49 -0700
+
+binutils (2.30-21ubuntu1~18.04.9+esm3) bionic-security; urgency=medium
+
+ * SECURITY UPDATE: reachable assertion failure in dwarf.c
+ - debian/patches/CVE-2022-35205.patch: replace assert with a warning
+ message (display_debug_names).
+ - CVE-2022-35205
+ * SECURITY UPDATE: memory leak in stabs.c
+ - debian/patches/CVE-2022-47007.patch: free dt on failure path
+ (stab_demangle_v3_arg).
+ - CVE-2022-47007
+ * SECURITY UPDATE: memory leak in bucomm.c
+ - debian/patches/CVE-2022-47008.patch: free template on all failure paths
+ (make_tempdir, make_tempname).
+ - CVE-2022-47008
+ * SECURITY UPDATE: memory leak in prdbg.c
+ - debian/patches/CVE-2022-47010.patch: free "s" on failure path
+ (pr_function_type).
+ - CVE-2022-47010
+ * SECURITY UPDATE: memory leak in stabs.c
+ - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
+ (parse_stab_struct_fields).
+ - CVE-2022-47011
+ * SECURITY UPDATE: excessive memory allocation in objdump.c
+ - debian/patches/CVE-2022-48063-pre.patch: check for excessively large
+ sections (load_specific_debug_section).
+ - debian/patches/CVE-2022-48063.patch: check that the amount of memory to
+ be allocated matches the size of the section
+ (load_specific_debug_section).
+ - CVE-2022-48063
+
+ -- Camila Camargo de Matos Wed, 27 Sep 2023 13:36:42 -0300
 
 binutils (2.30-21ubuntu1~18.04.9+esm1) bionic-security; urgency=medium
 
diff -Nru binutils-2.30/debian/patches/CVE-2022-35205.patch binutils-2.30/debian/patches/CVE-2022-35205.patch
--- binutils-2.30/debian/patches/CVE-2022-35205.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-35205.patch 2023-09-27 16:29:37.000000000 +0000
@@ -0,0 +1,34 @@
+Origin: backport, https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5
+
+From e3e5ae049371a27fd1737aba946fe26d06e029b5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton
+Date: Mon, 27 Jun 2022 13:43:02 +0100
+Subject: [PATCH] Replace a run-time assertion failure with a warning message
+ when parsing corrupt DWARF data.
+
+ PR 29289
+ * dwarf.c (display_debug_names): Replace assert with a warning
+ message.
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/dwarf.c | 7 ++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: binutils-2.30/binutils/dwarf.c
+===================================================================
+--- binutils-2.30.orig/binutils/dwarf.c
++++ binutils-2.30/binutils/dwarf.c
+@@ -8507,7 +8507,12 @@ display_debug_names (struct dwarf_sectio
+ printf (_("Out of %lu items there are %zu bucket clashes"
+ " (longest of %zu entries).\n"),
+ (unsigned long) name_count, hash_clash_count, longest_clash);
+- assert (name_count == buckets_filled + hash_clash_count);
++
++ if (name_count != buckets_filled + hash_clash_count)
++ warn (_("The name_count (%lu) is not the same as the used bucket_count (%lu) + the hash clash count (%lu)"),
++ (unsigned long) name_count,
++ (unsigned long) buckets_filled,
++ (unsigned long) hash_clash_count);
+
+ struct abbrev_lookup_entry
+ {
diff -Nru binutils-2.30/debian/patches/CVE-2022-47007.patch binutils-2.30/debian/patches/CVE-2022-47007.patch
--- binutils-2.30/debian/patches/CVE-2022-47007.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-47007.patch 2023-09-27 16:29:37.000000000 +0000
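Review bot: In the dwarf.c hunk of CVE-2022-35205.patch, display_debug_names now only warns when `name_count != buckets_filled + hash_clash_count` and then continues into the code that follows, so the rest of the function runs on a name index already known to be inconsistent. Everything after `struct abbrev_lookup_entry` is outside the hunk, so it should be confirmed that nothing further down relies on the invariant the assert used to enforce. A short comment above the check would record the intent, e.g. `/* Corrupt .debug_names: report and keep dumping; later code must bounds-check on its own.  */`. The diffstat in the patch header still lists binutils/ChangeLog, which this backport does not carry.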
@@ -0,0 +1,30 @@
+From 0ebc886149c22aceaf8ed74267821a59ca9d03eb Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Fri, 17 Jun 2022 09:00:41 +0930
+Subject: [PATCH] PR29254, memory leak in stab_demangle_v3_arg
+
+ PR 29254
+ * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
+---
+ binutils/stabs.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 2b5241637c1..796ff85b86a 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -5467,7 +5467,10 @@ stab_demangle_v3_arg (void *dhandle, struct stab_handle *info,
+ dc->u.s_binary.right,
+ &varargs);
+ if (pargs == NULL)
+- return NULL;
++ {
++ free (dt);
++ return NULL;
++ }
+
+ return debug_make_function_type (dhandle, dt, pargs, varargs);
+ }
+--
+2.39.3
+
diff -Nru binutils-2.30/debian/patches/CVE-2022-47008.patch binutils-2.30/debian/patches/CVE-2022-47008.patch
--- binutils-2.30/debian/patches/CVE-2022-47008.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-47008.patch 2023-09-27 16:29:37.000000000 +0000
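Review bot: The added `free (dt)` in stab_demangle_v3_arg (CVE-2022-47007.patch) is only safe if `dt` is owned solely by this call, and the assignment of `dt` is outside the hunk, so that cannot be confirmed from here. If `dt` can be a type object that the debug handle or another table also references, releasing it on this path would trade the leak for a dangling pointer. Please confirm where `dt` comes from and document it on the branch, e.g. `/* dt was created above and is not yet referenced elsewhere.  */`. This patch file also lacks the `Origin:` line that most of the other patches in this upload carry (CVE-2022-47008.patch lacks it too).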
@@ -0,0 +1,59 @@
+From d6e1d48c83b165c129cb0aa78905f7ca80a1f682 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Fri, 17 Jun 2022 09:13:38 +0930
+Subject: [PATCH] PR29255, memory leak in make_tempdir
+
+ PR 29255
+ * bucomm.c (make_tempdir, make_tempname): Free template on all
+ failure paths.
+---
+ binutils/bucomm.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+Index: binutils-2.30/binutils/bucomm.c
+===================================================================
+--- binutils-2.30.orig/binutils/bucomm.c
++++ binutils-2.30/binutils/bucomm.c
+@@ -524,8 +524,9 @@ make_tempname (char *filename)
+ #else
+ tmpname = mktemp (tmpname);
+ if (tmpname == NULL)
+- return NULL;
+- fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
++ fd = -1;
++ else
++ fd = open (tmpname, O_RDWR | O_CREAT | O_EXCL, 0600);
+ #endif
+ if (fd == -1)
+ {
+@@ -543,22 +544,23 @@ char *
+ make_tempdir (char *filename)
+ {
+ char *tmpname = template_in_dir (filename);
++ char *ret;
+
+ #ifdef HAVE_MKDTEMP
+- return mkdtemp (tmpname);
++ ret = mkdtemp (tmpname);
+ #else
+- tmpname = mktemp (tmpname);
+- if (tmpname == NULL)
+- return NULL;
++ ret = mktemp (tmpname);
+ #if defined (_WIN32) && !defined (__CYGWIN32__)
+ if (mkdir (tmpname) != 0)
+- return NULL;
++ ret = NULL;
+ #else
+ if (mkdir (tmpname, 0700) != 0)
+- return NULL;
++ ret = NULL;
+ #endif
+- return tmpname;
+ #endif
++ if (ret == NULL)
++ free (tmpname);
++ return ret;
+ }
+
+ /* Parse a string into a VMA, with a fatal error if it can't be
diff -Nru binutils-2.30/debian/patches/CVE-2022-47010.patch binutils-2.30/debian/patches/CVE-2022-47010.patch
--- binutils-2.30/debian/patches/CVE-2022-47010.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-47010.patch 2023-09-27 16:36:42.000000000 +0000
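Review bot: In make_tempname (CVE-2022-47008.patch) the `#else` branch still assigns `tmpname = mktemp (tmpname)`, so if mktemp returns NULL the template pointer is already lost when control reaches the `fd == -1` block, whose body is outside the hunk; whatever is freed there is no longer the template. make_tempdir avoids this by storing the result in `ret`, and the same shape works here: test `if (mktemp (tmpname) == NULL)` and leave `tmpname` untouched. In make_tempdir the non-mkdtemp branch now calls `mkdir (tmpname, ...)` even when mktemp reported failure, where the old code returned first; writing the tests as `if (ret != NULL && mkdir (tmpname, 0700) != 0)` (and likewise for the `_WIN32` variant) keeps that path from touching the filesystem.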
@@ -0,0 +1,35 @@
+Origin: backport, https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d02e70b197c786f26175b9a73f94e01d14abdab
+
+From 0d02e70b197c786f26175b9a73f94e01d14abdab Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Mon, 20 Jun 2022 10:39:31 +0930
+Subject: [PATCH] PR29262, memory leak in pr_function_type
+
+ PR 29262
+ * prdbg.c (pr_function_type): Free "s" on failure path.
+---
+ binutils/prdbg.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index c1e41628d26..bb42a5b6c2d 100644
+--- a/binutils/prdbg.c
++++ b/binutils/prdbg.c
+@@ -742,12 +742,9 @@ pr_function_type (void *p, int argcount, bool varargs)
+
+ strcat (s, ")");
+
+- if (! substitute_type (info, s))
+- return FALSE;
+-
++ bfd_boolean ret = substitute_type (info, s);
+ free (s);
+-
+- return TRUE;
++ return ret;
+ }
+
+ /* Turn the top type on the stack into a reference to that type. */
+--
+2.39.3
+
diff -Nru binutils-2.30/debian/patches/CVE-2022-47011.patch binutils-2.30/debian/patches/CVE-2022-47011.patch
--- binutils-2.30/debian/patches/CVE-2022-47011.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-47011.patch 2023-09-27 16:29:37.000000000 +0000
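Review bot: `bfd_boolean ret = substitute_type (info, s);` in pr_function_type (CVE-2022-47010.patch) is declared after the `strcat` statement in the same block, while the code visible around it (`bfd_boolean`, `FALSE`/`TRUE`) follows the older declarations-first style. Declaring `bfd_boolean ret;` with the other locals at the top of the function, which is outside the hunk, and writing `ret = substitute_type (info, s);` here would keep the backport consistent and avoid a declaration-after-statement warning if the build enables one. The patch header could also say that `bool` was changed to `bfd_boolean` for this version, since the `@@` line still shows the upstream signature.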
@@ -0,0 +1,32 @@
+Origin: backport, https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a24927bc8dbf6beac2000593b21235c3796dc35
+
+From 8a24927bc8dbf6beac2000593b21235c3796dc35 Mon Sep 17 00:00:00 2001
+From: Alan Modra
+Date: Mon, 20 Jun 2022 10:39:13 +0930
+Subject: [PATCH] PR29261, memory leak in parse_stab_struct_fields
+
+ PR 29261
+ * stabs.c (parse_stab_struct_fields): Free "fields" on failure path.
+---
+ binutils/stabs.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/binutils/stabs.c b/binutils/stabs.c
+index 796ff85b86a..bf3f578cbcc 100644
+--- a/binutils/stabs.c
++++ b/binutils/stabs.c
+@@ -2367,7 +2367,10 @@ parse_stab_struct_fields (void *dhandle,
+
+ if (! parse_stab_one_struct_field (dhandle, info, pp, p, fields + c,
+ staticsp))
+- return FALSE;
++ {
++ free (fields);
++ return FALSE;
++ }
+
+ ++c;
+ }
+--
+2.39.3
+
diff -Nru binutils-2.30/debian/patches/CVE-2022-48063.patch binutils-2.30/debian/patches/CVE-2022-48063.patch
--- binutils-2.30/debian/patches/CVE-2022-48063.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-48063.patch 2023-09-27 16:36:42.000000000 +0000
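Review bot: `free (fields)` in parse_stab_struct_fields (CVE-2022-47011.patch) releases only the array; whether the `c` entries already stored in it by earlier loop iterations own memory of their own is not visible in this hunk. The loop starts and ends outside the hunk as well, so any other early `return FALSE` inside it should be checked for the same leak. Once the ownership has been confirmed, a comment on the branch would document it, e.g. `/* Only the array is ours to free; entries parsed so far are owned elsewhere.  */`.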
@@ -0,0 +1,31 @@
+Origin: backport, https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
+
+From 75393a2d54bcc40053e5262a3de9d70c5ebfbbfd Mon Sep 17 00:00:00 2001
+From: Nick Clifton
+Date: Wed, 21 Dec 2022 11:51:23 +0000
+Subject: [PATCH] Fix an attempt to allocate an unreasonably large amount of
+ memory when parsing a corrupt ELF file.
+
+ PR 29924
+ * objdump.c (load_specific_debug_section): Check for excessively
+ large sections.
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 4 +++-
+ 2 files changed, 9 insertions(+), 1 deletion(-)
+
+Index: binutils-2.26.1/binutils/objdump.c
+===================================================================
+--- binutils-2.26.1.orig/binutils/objdump.c
++++ binutils-2.26.1/binutils/objdump.c
+@@ -2325,7 +2325,9 @@ load_specific_debug_section (enum dwarf_
+ section->size = bfd_get_section_size (sec);
+ /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
+ alloced = amt = section->size + 1;
+- if (alloced != amt || alloced == 0 || alloced > bfd_get_file_size (abfd))
++ if (alloced != amt
++ || alloced == 0
++ || (bfd_get_file_size (abfd) != 0 && alloced >= bfd_get_file_size (abfd)))
+ {
+ section->start = NULL;
+ free_debug_section (debug);
diff -Nru binutils-2.30/debian/patches/CVE-2022-48063-pre.patch binutils-2.30/debian/patches/CVE-2022-48063-pre.patch
--- binutils-2.30/debian/patches/CVE-2022-48063-pre.patch 1970-01-01 00:00:00.000000000 +0000
+++ binutils-2.30/debian/patches/CVE-2022-48063-pre.patch 2023-09-27 16:29:37.000000000 +0000
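Review bot: The new third clause in load_specific_debug_section (CVE-2022-48063.patch), `(bfd_get_file_size (abfd) != 0 && alloced >= bfd_get_file_size (abfd))`, skips the size bound completely whenever bfd_get_file_size returns 0, so in that case a corrupt section size is limited only by the `alloced != amt` and `alloced == 0` tests before it reaches malloc. Presumably 0 means the file size is unknown; that should be stated in a comment, e.g. `/* A file size of 0 means "unknown": no upper bound can be applied.  */`, and a fixed cap for that case is worth considering. Reading the file size once into a local would also make the condition easier to follow. This patch's `Index:` paths name binutils-2.26.1 and its offset (2325) differs from the one used by CVE-2022-48063-pre.patch for the same code (2489), so it applies with an offset and should be checked against the refreshed tree.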
@@ -0,0 +1,49 @@
+Origin: backport, https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=634557801d909982b47b1723f4216ebe8bc784aa
+
+From 634557801d909982b47b1723f4216ebe8bc784aa Mon Sep 17 00:00:00 2001
+From: Nick Clifton
+Date: Tue, 19 Mar 2019 13:39:30 +0000
+Subject: [PATCH] Prevent an illegal memory access by objdump when parsing a
+ corrupt file on a 32-bit host.
+
+ PR 24360
+ * objdump.c (load_specific_debug_section): Check that the amount
+ of memory to be allocated matches the size of the section.
+---
+ binutils/ChangeLog | 6 ++++++
+ binutils/objdump.c | 16 +++++++++-------
+ 2 files changed, 15 insertions(+), 7 deletions(-)
+
+Index: binutils-2.30/binutils/objdump.c
+===================================================================
+--- binutils-2.30.orig/binutils/objdump.c
++++ binutils-2.30/binutils/objdump.c
+@@ -2474,6 +2474,7 @@ load_specific_debug_section (enum dwarf_
+ bfd *abfd = (bfd *) file;
+ bfd_byte *contents;
+ bfd_size_type amt;
++ size_t alloced;
+
+ if (section->start != NULL)
+ {
+@@ -2489,8 +2490,9 @@ load_specific_debug_section (enum dwarf_
+ section->address = bfd_get_section_vma (abfd, sec);
+ section->user_data = sec;
+ section->size = bfd_get_section_size (sec);
+- amt = section->size + 1;
+- if (amt == 0 || amt > bfd_get_file_size (abfd))
++ /* PR 24360: On 32-bit hosts sizeof (size_t) < sizeof (bfd_size_type). */
++ alloced = amt = section->size + 1;
++ if (alloced != amt || alloced == 0 || alloced > bfd_get_file_size (abfd))
+ {
+ section->start = NULL;
+ free_debug_section (debug);
+@@ -2498,7 +2500,7 @@ load_specific_debug_section (enum dwarf_
+ section->name, (unsigned long long) section->size);
+ return FALSE;
+ }
+- section->start = contents = malloc (amt);
++ section->start = contents = malloc (alloced);
+ if (section->start == NULL
+ || !bfd_get_full_section_contents (abfd, sec, &contents))
+ {
diff -Nru binutils-2.30/debian/patches/series binutils-2.30/debian/patches/series
--- binutils-2.30/debian/patches/series 2023-09-11 10:58:10.000000000 +0000
+++ binutils-2.30/debian/patches/series 2023-09-27 16:36:42.000000000 +0000
@@ -101,3 +101,10 @@
 CVE-2022-45703-0.patch
 CVE-2022-45703-1.patch
 CVE-2022-47695.patch
+CVE-2022-35205.patch
+CVE-2022-47007.patch
+CVE-2022-47008.patch
+CVE-2022-47010.patch
+CVE-2022-47011.patch
+CVE-2022-48063-pre.patch
+CVE-2022-48063.patch
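Review bot: After the change in CVE-2022-48063-pre.patch, `amt` in load_specific_debug_section is used only to detect truncation of `section->size + 1` into the `size_t` variable `alloced`, which is easy to misread as a leftover variable. The added comment names the PR but not the mechanism; something like `/* alloced != amt means the size did not fit in size_t.  */` next to the test would say so. The changelog text for this upload also appears to have the two descriptions swapped: it labels CVE-2022-48063-pre.patch as "check for excessively large sections", whereas this patch's own header says it checks that the amount to allocate matches the section size, and CVE-2022-48063.patch carries the "excessively large sections" wording.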