ubuntu/+source/elfutils:applied/ubuntu/cosmic-devel

Last commit made on 2019-06-10
Get this branch:
git clone -b applied/ubuntu/cosmic-devel https://git.launchpad.net/ubuntu/+source/elfutils
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/cosmic-devel
Repository:
lp:ubuntu/+source/elfutils

Recent commits

76a0a40... by Marc Deslauriers on 2019-06-07

Import patches-applied version 0.170-0.5.0ubuntu1.1 to applied/ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: f84a201b6328daf639ba0ee981f13056b73781e3
Unapplied parent: 0c85b60e53ae687a4a1c42fa1e892d40e64d3cc8

New changelog entries:
  * SECURITY UPDATE: DoS via a crafted file
    - debian/patches/CVE-2018-16062.patch: make sure there is enough data
      to read full aranges header in libdw/dwarf_getaranges.c,
      src/readelf.c.
    - CVE-2018-16062
  * SECURITY UPDATE: double free and application crash
    - debian/patches/CVE-2018-16402.patch: return error if elf_compress_gnu
      is used on SHF_COMPRESSED section in libelf/elf_compress_gnu.c,
      libelf/libelf.h.
    - CVE-2018-16402
  * SECURITY UPDATE: incorrect end of the attributes list check
    - debian/patches/CVE-2018-16403.patch: check end of attributes list
      consistently in libdw/dwarf_getabbrev.c, libdw/dwarf_hasattr.c.
    - CVE-2018-16403
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18310.patch: sanity check partial core file
      data reads in libdwfl/dwfl_segment_report_module.c.
    - CVE-2018-18310
  * SECURITY UPDATE: invalid memory address dereference
    - debian/patches/CVE-2018-18520.patch: handle recursive ELF ar files in
      src/size.c.
    - CVE-2018-18520
  * SECURITY UPDATE: divide by zero vulnerabilties
    - debian/patches/CVE-2018-18521.patch: check that sh_entsize isn't zero
      in src/arlib.c.
    - CVE-2018-18521
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7149.patch: check terminating NUL byte in
      dwarf_getsrclines for dir/file table in libdw/dwarf_getsrclines.c,
      src/readelf.c.
    - CVE-2019-7149
  * SECURITY UPDATE: incorrect truncated dyn data read handling
    - debian/patches/CVE-2019-7150.patch: sanity check partial core file
      dyn data read in libdwfl/dwfl_segment_report_module.c.
    - CVE-2019-7150
  * SECURITY UPDATE: heap-based buffer over-read
    - debian/patches/CVE-2019-7665.patch: check NT_PLATFORM core notes
      contain a zero terminated string in libdwfl/linux-core-attach.c,
      libebl/eblcorenote.c, libebl/libebl.h, src/readelf.c.
    - CVE-2019-7665

0c85b60... by Marc Deslauriers on 2019-06-07

[PATCH] libebl: Check NT_PLATFORM core notes contain a zero

Gbp-Pq: CVE-2019-7665.patch.

5fbcdc2... by Marc Deslauriers on 2019-06-07

[PATCH] libdwfl: Sanity check partial core file dyn data read.

Gbp-Pq: CVE-2019-7150.patch.

4986c34... by Marc Deslauriers on 2019-06-07

[PATCH] libdw: Check terminating NUL byte in dwarf_getsrclines for

Gbp-Pq: CVE-2019-7149.patch.

080d091... by Marc Deslauriers on 2019-06-07

[PATCH] arlib: Check that sh_entsize isn't zero.

Gbp-Pq: CVE-2018-18521.patch.

7b71378... by Marc Deslauriers on 2019-06-07

[PATCH] size: Handle recursive ELF ar files.

Gbp-Pq: CVE-2018-18520.patch.

fdc7e42... by Marc Deslauriers on 2019-06-07

[PATCH] libdwfl: Sanity check partial core file data reads.

Gbp-Pq: CVE-2018-18310.patch.

2a785cb... by Marc Deslauriers on 2019-06-07

[PATCH] libdw: Check end of attributes list consistently.

Gbp-Pq: CVE-2018-16403.patch.

b3fe973... by Marc Deslauriers on 2019-06-07

[PATCH] libelf: Return error if elf_compress_gnu is used on

Gbp-Pq: CVE-2018-16402.patch.

a7d805a... by Marc Deslauriers on 2019-06-07

[PATCH] libdw, readelf: Make sure there is enough data to read full

Gbp-Pq: CVE-2018-16062.patch.