Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Kernel:tools
elfutils
project.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File project.diff of Package elfutils
--- elfutils.changes.orig +++ elfutils.changes @@ -68,8 +68,14 @@ Mon Feb 18 07:47:27 UTC 2019 - Martin Li backends: riscv improved core file and return value location support. - Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150, - CVE-2019-7664, CVE-2019-7665 + Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 + + - CVE-2019-7150: dwfl_segment_report_module doesn't check whether + the dyn data read from core file is truncated (bnc#1123685) + + - CVE-2019-7665: NT_PLATFORM core file note should be a zero + terminated string (CVE is a bit misleading, as this is not a bug + in libelf as described) (bnc#1125007) ------------------------------------------------------------------- Fri Nov 16 13:28:34 UTC 2018 - Martin Liška <mliska@suse.cz> @@ -92,7 +98,14 @@ Fri Nov 16 13:28:34 UTC 2018 - Martin Li backends: RISCV handles ADD/SUB relocations. Handle SHT_X86_64_UNWIND. - Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521. + - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the + function arlib_add_symbols() used by eu-ranlib (bnc#1112723) + + - CVE-2018-18310: Invalid Address Read problem in + dwfl_segment_report_module.c (bnc#1111973) + + - CVE-2018-18520: eu-size: Bad handling of ar files inside are + files (bnc#1112726) - remove disable-backtrace-dwarf-test.patch patch - the test works now @@ -123,6 +136,15 @@ Mon Sep 17 10:21:35 UTC 2018 - Martin Li backends: RISCV and M68K now have backend implementations to generate CFI based backtraces. + - CVE-2018-16402: libelf: denial of service/double free on an + attempt to decompress the same section twice (bnc#1107066) + Double-free crash in nm and readelf + + - CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067) + + - CVE-2018-16062: heap-buffer-overflow in + /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390) + ------------------------------------------------------------------- Wed Aug 15 12:37:46 UTC 2018 - antoine.belvire@opensuse.org @@ -244,6 +266,20 @@ Fri Mar 9 09:21:05 UTC 2018 - rguenther backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer unwinding fallback support for i386, x86_64, aarch64. translations: Update Polish translation. + - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and + application crash) via a crafted ELF file (bnc#1033088) + - CVE-2017-7610: elflint: heap-based buffer overflow in check_group + (bnc#1033087) + - CVE-2017-7609: memory allocation failure in __libelf_decompress + (bnc#1033086) + - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi + (readelf.c) (bnc#1033084) + - CVE-2017-7608: heap-based buffer overflow in + ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085) + - CVE-2017-7613: elfutils: denial of service (memory consumption) + via a crafted ELF file (bnc#1033090) + - CVE-2017-7612: elfutils: denial of service (heap-based buffer + over-read and application crash) via a crafted ELF file (bnc#1033089) - Remove obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch and ppc-machine-flags.patch - Add elfutils-0.170-stripnothing.patch to robustify test and avoid a FAIL.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor