[Git][security-tracker-team/security-tracker][master] various binutils fixes in sid
Moritz Muehlenhoff
jmm at debian.org
Thu Aug 8 17:54:54 BST 2019
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ddce6fbc by Moritz Muehlenhoff at 2019-08-08T16:54:05Z
various binutils fixes in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14398,7 +14398,7 @@ CVE-2019-1010182 (yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recur
CVE-2019-1010181
RESERVED
CVE-2019-1010180 (GNU gdb All versions is affected by: Buffer Overflow - Out of bound me ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8ff71a9c80cfcf64c54d4ae938c644b1b1ea19fb
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23657
CVE-2019-1010179 (PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affe ...)
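Review bot: CVE-2019-1010180 is described as affecting "GNU gdb All versions", but the only package line in this entry, before and after the change, is for binutils. If the gdb source package ships the same code it needs its own status line here; if only the copy shipped in binutils is meant, a NOTE saying so would explain why gdb is absent. This entry also lacks the "NOTE: binutils not covered by security support" line that most of the other binutils entries touched in this commit carry.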
@@ -17100,7 +17100,7 @@ CVE-2019-9071 (An issue was discovered in GNU libiberty, as distributed in GNU B
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24227
NOTE: binutils not covered by security support
CVE-2019-9070 (An issue was discovered in GNU libiberty, as distributed in GNU Binuti ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89395
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24229
NOTE: binutils not covered by security support
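Review bot: the new fixed version for CVE-2019-9070 is not backed by any fix reference, since both NOTE lines under it point at bug reports only. Adding a "NOTE: Fixed by:" line with the upstream commit, in the style already used for CVE-2018-18484 in this same commit, would let a later reader verify that 2.32.51.20190707-1 contains the change.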
@@ -27190,7 +27190,7 @@ CVE-2018-20673 (The demangle_template function in cplus-dem.c in GNU libiberty,
CVE-2018-20672
RESERVED
CVE-2018-20671 (load_specific_debug_section in objdump.c in GNU Binutils through 2.31. ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24005
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11fa9f134fd658075c6f74499c780df045d9e9ca
NOTE: binutils not covered by security support
@@ -30527,9 +30527,8 @@ CVE-2018-20659 (An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom cl
CVE-2018-20658 (The server in Core FTP 2.0 build 653 on 32-bit platforms allows remote ...)
NOT-FOR-US: Core FTP
CVE-2018-20657 (The demangle_template function in cplus-dem.c in GNU libiberty, as dis ...)
- - binutils <unfixed> (unimportant)
+ NOTE: Short-lived, small memleak, not considered a real bug by upstream
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88539
- NOTE: binutils not covered by security support
CVE-2018-20656
RESERVED
CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size check when ...)
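Review bot: after this hunk CVE-2018-20657 has no package line at all, only NOTE lines, so the entry no longer records binutils as the affected source package and will look like a CVE that has not been triaged. If the intent is to record that upstream does not consider the leak a bug, keep "- binutils <unfixed> (unimportant)" and add the new NOTE beside it instead of replacing the line. The commit message ("various binutils fixes in sid") also does not cover this change, which is a reclassification rather than a fix.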
@@ -31827,7 +31826,7 @@ CVE-2018-1000877 (libarchive version commit 416694915449219d505531b1096384f3237d
NOTE: Introduced after: https://github.com/libarchive/libarchive/commit/416694915449219d505531b1096384f3237dd6cc
NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/021efa522ad729ff0f5806c4ce53e4a6cc1daa31
CVE-2018-1000876 (binutils version 2.32 and earlier contains a Integer Overflow vulnerab ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23994
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f
NOTE: binutils not covered by security support
@@ -43840,7 +43839,7 @@ CVE-2018-18486 (An issue was discovered in PHPSHE 1.7. SQL injection exists via
CVE-2018-18485 (An issue was discovered in PHPSHE 1.7. admin.php?mod=db&act=del al ...)
NOT-FOR-US: PHPSHE
CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
@@ -45280,7 +45279,7 @@ CVE-2018-17987 (The determineWinner function of a smart contract implementation
CVE-2018-17986 (rars/user/data in razorCMS 3.4.8 allows CSRF for changing the password ...)
NOT-FOR-US: razorCMS
CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as distribu ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
@@ -45783,7 +45782,7 @@ CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows
NOTE: with same commit.
NOTE: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
@@ -58677,25 +58676,25 @@ CVE-2018-12702 (The approveAndCallcode function of a smart contract implementati
CVE-2018-12701
RESERVED
CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in debug.c ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in G ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
NOTE: binutils not covered by security support
CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000 ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
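Review bot: CVE-2018-12700 and CVE-2018-12699 name debug.c and stabs.c in their descriptions, but the only "Fixed by:" reference under all four entries in this hunk is a single gcc.git commit. A NOTE recording that the libiberty copy in binutils picked up that commit by 2.32.51.20190707-1 would make the fixed version traceable from the entry itself.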
@@ -58820,7 +58819,7 @@ CVE-2018-12643
CVE-2018-12642 (Froxlor through 0.9.39.5 has Incorrect Access Control for tickets not ...)
NOT-FOR-US: Floxlor
CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as ...)
- - binutils <unfixed> (unimportant)
+ NOTE: harmless crashes exposed by binutils, but underlying issue is in libiberty from GCC
NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058
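Review bot: the added NOTE says the underlying issue for CVE-2018-12641 is in libiberty from GCC, yet the hunk removes the binutils line without adding a line for any GCC source package, leaving the entry with no package status. Either keep "- binutils <unfixed> (unimportant)" together with the NOTE, or add the corresponding GCC package line so the CVE stays attached to a package.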
@@ -68677,7 +68676,7 @@ CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email applica
CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in t ...)
NOT-FOR-US: Samsung
CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as distribute ...)
- - binutils <unfixed> (unimportant)
+ - binutils 2.32.51.20190707-1 (unimportant)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
NOTE: binutils not covered by security support
CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ddce6fbc9bf3425f3ee8aa85bf3a7fce3e020ee9