[Git][security-tracker-team/security-tracker][master] 12 commits: Reference gcc (libiberty) upstream fix for CVE-2018-12641
Salvatore Bonaccorso
carnil at debian.org
Tue Jan 1 22:16:53 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c9ad896c by Salvatore Bonaccorso at 2019-01-01T21:29:34Z
Reference gcc (libiberty) upstream fix for CVE-2018-12641
- - - - -
f4715e6e by Salvatore Bonaccorso at 2019-01-01T21:34:03Z
Reference upstream gcc (libiberty) fix for upstream bug 85454
Addresses the CVEs CVE-2018-12697, CVE-2018-12698, CVE-2018-12699 and
CVE-2018-12700 for binutils.
Cf. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
- - - - -
7af3d1f6 by Salvatore Bonaccorso at 2019-01-01T21:37:58Z
CVE-2018-12934: Add additional upstream bug reference
The upstream issue https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
was actually a duplicate report of
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950 .
- - - - -
28b23596 by Salvatore Bonaccorso at 2019-01-01T21:48:22Z
Track fix for CVE-2018-1735{8,9}/binutils in experimental version
The fix is present in the experimental version since the import of
2.31.51.20181022 from trunk.
- - - - -
5c952362 by Salvatore Bonaccorso at 2019-01-01T21:53:05Z
Track fixed version for CVE-2018-17360/binutils via experimental
The fix landed in experimental via the import of the new upstream
version 2.31.51.20181022 based on trunk.
- - - - -
32a1a728 by Salvatore Bonaccorso at 2019-01-01T21:57:25Z
Reference gcc (libiberty) fix for various CVEs
CVE-2018-18701, CVE-2018-18700, CVE-2018-18484, CVE-2018-17985 and
CVE-2018-17794 for binutils all refer to the same upstream fix in the
underlying libiberty issue fixed by
https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
..
- - - - -
dcb45789 by Salvatore Bonaccorso at 2019-01-01T22:01:37Z
CVE-2018-18309/binutils fixed in experimental
The new upstream version 2.31.51.20181022 imported to experimental
addressed CVE-2018-18309.
- - - - -
b73b0707 by Salvatore Bonaccorso at 2019-01-01T22:06:20Z
CVE-2018-18605/binutils fixed in experimental
- - - - -
469bd6cf by Salvatore Bonaccorso at 2019-01-01T22:07:44Z
CVE-2018-18606/binutils fixed in experimental
- - - - -
5a888b98 by Salvatore Bonaccorso at 2019-01-01T22:08:47Z
CVE-2018-18607/binutils fixed in experimental
- - - - -
c9979e88 by Salvatore Bonaccorso at 2019-01-01T22:11:43Z
CVE-2018-19931/binutils fixed in experimental with 2.31.51.20181204-1
- - - - -
6aea9d29 by Salvatore Bonaccorso at 2019-01-01T22:12:46Z
CVE-2018-19932/binutils fixed in experimental via 2.31.51.20181204-1
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -5850,12 +5850,14 @@ CVE-2018-19935 (ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remot
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77020
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=648fc1e369fc05fb9200a42c7938912236b2a318
CVE-2018-19932 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ [experimental] - binutils 2.31.51.20181204-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23932
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=beab453223769279cc1cef68a1622ab8978641f7
CVE-2018-19931 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ [experimental] - binutils 2.31.51.20181204-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
@@ -11957,11 +11959,13 @@ CVE-2018-18701 (An issue was discovered in cp-demangle.c in GNU libiberty, as ..
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87675
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-18700 (An issue was discovered in cp-demangle.c in GNU libiberty, as ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87681
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-18699 (An issue was discovered in GoPro gpmf-parser 1.2.1. There is an ...)
NOT-FOR-US: GoPro gpmf-parser
CVE-2018-18698 (An issue was discovered on Xiaomi Mi A1 ...)
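Review bot: The two added "NOTE: Fixed by:" lines under CVE-2018-18701 and CVE-2018-18700 point at a gcc.git commit while the tracked package in both entries stays "- binutils <unfixed>", so the entry alone does not say how the referenced commit relates to the binutils package. Consider wording the note so it names the component, as the commit message does with "gcc (libiberty)", so a reader of data/CVE/list sees that the fix is in the libiberty copy maintained in gcc.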
@@ -12193,18 +12197,21 @@ CVE-2018-18609
CVE-2018-18608 (DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined ...)
NOT-FOR-US: DedeCMS
CVE-2018-18607 (An issue was discovered in elf_link_input_bfd in elflink.c in the ...)
+ [experimental] - binutils 2.31.51.20181204-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23805
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=102def4da826b3d9e169741421e5e67e8731909a
CVE-2018-18606 (An issue was discovered in the merge_strings function in merge.c in the ...)
+ [experimental] - binutils 2.31.51.20181204-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23806
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=45a0eaf77022963d639d6d19871dbab7b79703fc
CVE-2018-18605 (A heap-based buffer over-read issue was discovered in the function ...)
+ [experimental] - binutils 2.31.51.20181204-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
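Review bot: The three added "[experimental] - binutils 2.31.51.20181204-1" lines for CVE-2018-18607, CVE-2018-18606 and CVE-2018-18605 come from commits whose messages carry only a subject line, unlike the sibling commits that name the import which brought the fix in. A sentence in each commit message saying which upload carried the fix would make the recorded version easier to audit against the upstream commits referenced in the entries' NOTE lines.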
@@ -12527,6 +12534,7 @@ CVE-2018-18484 (An issue was discovered in cp-demangle.c in GNU libiberty, as ..
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87636
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-18483 (The get_count function in cplus-dem.c in GNU libiberty, as distributed ...)
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
@@ -13001,6 +13009,7 @@ CVE-2018-18310 (An invalid memory address dereference was discovered in ...)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23752
NOTE: https://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html
CVE-2018-18309 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ [experimental] - binutils 2.31.51.20181022-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
@@ -13938,6 +13947,7 @@ CVE-2018-17985 (An issue was discovered in cp-demangle.c in GNU libiberty, as ..
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87335
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-17984 (An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 ...)
NOT-FOR-US: ISPConfig
CVE-2018-17982
@@ -14428,6 +14438,7 @@ CVE-2018-17794 (An issue was discovered in cplus-dem.c in GNU libiberty, as dist
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87350
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2015-9268 (Nullsoft Scriptable Install System (NSIS) before 2.49 has unsafe ...)
{DLA-1602-1}
- nsis 2.50-1
@@ -15417,18 +15428,21 @@ CVE-2018-17362
CVE-2018-17361 (Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers ...)
NOT-FOR-US: WeaselCMS
CVE-2018-17360 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ [experimental] - binutils 2.31.51.20181022-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23685
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf93e9c2cf8f8b2566f8fc86e961592b51b5980d
CVE-2018-17359 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ [experimental] - binutils 2.31.51.20181022-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23686
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30838132997e6a3cfe3ec11c58b32b22f6f6b102
CVE-2018-17358 (An issue was discovered in the Binary File Descriptor (BFD) library ...)
+ [experimental] - binutils 2.31.51.20181022-1
- binutils <unfixed>
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
@@ -26483,6 +26497,7 @@ CVE-2018-12934 (remember_Ktype in cplus-dem.c in GNU libiberty, as distributed i
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85453
+ NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23059
CVE-2018-12933 (PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to ...)
- wine 4.0~rc1-1 (low)
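Review bot: The added "NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84950" under CVE-2018-12934 sits next to the existing 85453 reference with nothing in the file saying how the two bugs relate. The commit message explains that 85453 is a duplicate of 84950; carrying that into the entry, for example by annotating the 85453 line as a duplicate, would keep the context where tracker users read it.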
@@ -27051,24 +27066,28 @@ CVE-2018-12700 (A Stack Exhaustion issue was discovered in debug_write_type in d
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-12699 (finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a ...)
- binutils <unfixed> (low)
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-12698 (demangle_template in cplus-dem.c in GNU libiberty, as distributed in ...)
- binutils <unfixed> (low)
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-12697 (A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) ...)
- binutils <unfixed> (low)
[stretch] - binutils <ignored> (Minor issue)
[jessie] - binutils <ignored> (Minor issue)
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23057
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-12696 (mao10cms 6 allows XSS via the article page. ...)
NOT-FOR-US: mao10cms
CVE-2018-12695 (mao10cms 6 allows XSS via the m=bbs&a=index page. ...)
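Review bot: The "NOTE: Fixed by:" line added under CVE-2018-12699 points at the gcc.git libiberty commit, while that entry's description names finish_stab in stabs.c in GNU Binutils, so the connection between the two is not evident from the entry itself. Since the commit message ties all four CVEs in this hunk to upstream bug 85454, a short qualifier on the note saying the fix is the one for that bug would spare a reader from rechecking it.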
@@ -27194,6 +27213,7 @@ CVE-2018-12641 (An issue was discovered in arm_pt in cplus-dem.c in GNU libibert
NOTE: https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1763099
NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23058
+ NOTE: Fixed by: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03e51746ed98d9106803f6009ebd71ea670ad3b9
CVE-2018-12640 (The webService binary on Insteon HD IP Camera White 2864-222 devices ...)
NOT-FOR-US: Insteon
CVE-2018-12639
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/50c003f1579227bebe54f027310e939356156379...6aea9d298a872b2ac5d05c75803c8cd65df783df