Format: 1.8
Date: Fri, 09 Jun 2017 10:41:47 -0400
Source: gdb
Binary: gdb gdb64 gdb-multiarch gdbserver gdb-source gdb-dbg gdb-doc
Architecture: source
Version: 7.11.1-0ubuntu1~16.5
Distribution: xenial-security
Urgency: medium
Maintainer: Ubuntu Developers
Changed-By: Marc Deslauriers
Description:
 gdb - GNU Debugger
 gdb-dbg - GNU Debugger (debug package)
 gdb-doc - The GNU Debugger Documentation
 gdb-multiarch - GNU Debugger (with support for multiple architectures)
 gdb-source - GNU Debugger (source)
 gdb64 - GNU Debugger (64-bit)
 gdbserver - GNU Debugger (remote server)
Changes:
 gdb (7.11.1-0ubuntu1~16.5) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: integer overflow in string_appends
     - debian/patches/CVE-2016-2226.patch: check for overflow in
       libiberty/cplus-dem.c, added xmalloc_failed to
       gdb/common/common-utils.c.
     - CVE-2016-2226
   * SECURITY UPDATE: use-after-free vulnerabilities
     - debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
       libiberty/cplus-dem.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-4487
     - CVE-2016-4488
   * SECURITY UPDATE: integer overflow in gnu_special
     - debian/patches/CVE-2016-4489.patch: handle case where consume_count
       returns -1 in libiberty/cplus-dem.c.
     - CVE-2016-4489
   * SECURITY UPDATE: integer overflow after sanity checks
     - debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
       of long in libiberty/cp-demangle.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-4490
   * SECURITY UPDATE: denial of service via infinite recursion
     - debian/patches/CVE-2016-4491-1.patch: limit recursion in
       include/demangle.h, libiberty/cp-demangle.c, libiberty/cp-demint.c,
       added test to libiberty/testsuite/demangle-expected.
     - debian/patches/CVE-2016-4491-2.patch: limit more recursion in
       libiberty/cp-demangle.c.
     - debian/patches/CVE-2016-4491-3.patch: initialize d_printing in
       gdb/cp-name-parser.y, libiberty/cp-demangle.c.
     - CVE-2016-4491
   * SECURITY UPDATE: buffer overflow in do_type
     - debian/patches/CVE-2016-4492_4493.patch: properly handle large values
       and overflow in libiberty/cplus-dem.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-4492
     - CVE-2016-4493
   * SECURITY UPDATE: denial of service via infinite recursion
     - debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
       libiberty/cplus-dem.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-6131
Checksums-Sha1:
 7d6dada008364f6c052eb1465a41971f937b59f8 3204 gdb_7.11.1-0ubuntu1~16.5.dsc
 5d95b694b2f7656ebe647455b3fc7fae15d3ec12 63856 gdb_7.11.1-0ubuntu1~16.5.debian.tar.xz
Checksums-Sha256:
 e0d997d4613e83665fa9c34fc1b1d9b03d45fae10a10c4580ff1d5df89884427 3204 gdb_7.11.1-0ubuntu1~16.5.dsc
 213e54ce8d41c7d19537cb5540deed330487da1b2c95b396d02aacb8a66118eb 63856 gdb_7.11.1-0ubuntu1~16.5.debian.tar.xz
Files:
 1da7d41cb1e48f20e200f863825da76c 3204 devel optional gdb_7.11.1-0ubuntu1~16.5.dsc
 8974191bae2c1b9e3ad9049e2e4472eb 63856 devel optional gdb_7.11.1-0ubuntu1~16.5.debian.tar.xz
Original-Maintainer: Héctor Orón Martínez