Format: 1.8
Date: Mon, 12 Jun 2017 12:44:40 -0400
Source: libiberty
Binary: libiberty-dev
Architecture: source
Version: 20131116-1ubuntu0.2
Distribution: trusty-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 libiberty-dev - library of utility functions used by GNU programs
Changes: 
 libiberty (20131116-1ubuntu0.2) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: integer overflow in string_appends
     - debian/patches/CVE-2016-2226.patch: check for overflow in
       libiberty/cplus-dem.c.
     - CVE-2016-2226
   * SECURITY UPDATE: use-after-free vulberabilities
     - debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
       libiberty/cplus-dem.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-4487
     - CVE-2016-4488
   * SECURITY UPDATE: integer overflow in gnu_special
     - debian/patches/CVE-2016-4489.patch: handle case where consume_count
       returns -1 in libiberty/cplus-dem.c.
     - CVE-2016-4489
   * SECURITY UPDATE: integer overflow after sanity checks
     - debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
       of long in libiberty/cp-demangle.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-4490
   * SECURITY UPDATE: denial of service via infinite recursion
     - debian/patches/CVE-2016-4491-pre.patch: limit recursion in
       libiberty/cp-demangle.c, added test to
       libiberty/testsuite/demangle-expected.
     - debian/patches/CVE-2016-4491-1.patch: limit recursion in
       include/demangle.h, libiberty/cp-demangle.c, libiberty/cp-demint.c,
       added test to libiberty/testsuite/demangle-expected.
     - debian/patches/CVE-2016-4491-2.patch: limit more recursion in
       libiberty/cp-demangle.c.
     - debian/patches/CVE-2016-4491-3.patch: initialize d_printing in
       libiberty/cp-demangle.c.
     - CVE-2016-4491
   * SECURITY UPDATE: buffer overflow in do_type
     - debian/patches/CVE-2016-4492_4493.patch: properly handle large values
       and overflow in libiberty/cplus-dem.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-4492
     - CVE-2016-4493
   * SECURITY UPDATE: denial of service via infinite recursion
     - debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
       libiberty/cplus-dem.c, added test to
       libiberty/testsuite/demangle-expected.
     - CVE-2016-6131
Checksums-Sha1: 
 a6ce1a1f3efea92f6c41952b039779b9897e2532 1899 libiberty_20131116-1ubuntu0.2.dsc
 b9165003f6c202ff3a45e969ab32afb1a1888409 18382 libiberty_20131116-1ubuntu0.2.debian.tar.gz
Checksums-Sha256: 
 5941967777881a1ab6381751d4c797293b38758c2a36ed09bfeeff020cf4c103 1899 libiberty_20131116-1ubuntu0.2.dsc
 d85afedddd568fa742155899ddd676782efc4aed8f1913f18c775e97b53a26f6 18382 libiberty_20131116-1ubuntu0.2.debian.tar.gz
Files: 
 81bba6e9cf9e6ee4bc9e12f67c8d3c1f 1899 libdevel optional libiberty_20131116-1ubuntu0.2.dsc
 be523d906c36deefba16e44ff149b71a 18382 libdevel optional libiberty_20131116-1ubuntu0.2.debian.tar.gz
Original-Maintainer: Debian GCC Maintainers <debian-gcc@lists.debian.org>