Your message dated Sat, 21 May 2005 16:32:25 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#308625: fixed in binutils 2.15-6 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: binutils: Integer overflow in ELF segment parsing
Date: Wed, 11 May 2005 16:33:17 +0200

Package: binutils
Version: 2.15-5
Severity: grave
Tags: security
Justification: user security hole

An integer overflow in parsing ELF segment headers has been found that
affects several of binutils' binaries, such as nm, strings or objdump,
and can potentially be exploited to corrupt the heap and execute
arbitrary code.

See http://bugs.gentoo.org/show_bug.cgi?id=91398 for a crafted test
binary (without malicious effects) and pointers to more information.
The bug log contains a patch by SuSE's Sebastian Krahmer, which has
been applied upstream.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages binutils depends on:
ii  libc6  2.3.2.ds1-21  GNU C Library: Shared libraries an

-- no debconf information

---------------------------------------
From: James Troup <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#308625: fixed in binutils 2.15-6
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 21 May 2005 16:32:25 -0400

Source: binutils
Source-Version: 2.15-6

We believe that the bug you reported is fixed in the latest version of
binutils, which is due to be installed in the Debian FTP archive:

binutils-dev_2.15-6_i386.deb
  to pool/main/b/binutils/binutils-dev_2.15-6_i386.deb
binutils-doc_2.15-6_all.deb
  to pool/main/b/binutils/binutils-doc_2.15-6_all.deb
binutils-multiarch_2.15-6_i386.deb
  to pool/main/b/binutils/binutils-multiarch_2.15-6_i386.deb
binutils_2.15-6.diff.gz
  to pool/main/b/binutils/binutils_2.15-6.diff.gz
binutils_2.15-6.dsc
  to pool/main/b/binutils/binutils_2.15-6.dsc
binutils_2.15-6_i386.deb
  to pool/main/b/binutils/binutils_2.15-6_i386.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
James Troup <[EMAIL PROTECTED]> (supplier of updated binutils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Sat, 21 May 2005 20:20:01 +0100
Source: binutils
Binary: binutils-dev binutils-hppa64 binutils-multiarch binutils binutils-doc
Architecture: source i386 all
Version: 2.15-6
Distribution: unstable
Urgency: low
Maintainer: James Troup <[EMAIL PROTECTED]>
Changed-By: James Troup <[EMAIL PROTECTED]>
Description:
 binutils   - The GNU assembler, linker and binary utilities
 binutils-dev - The GNU binary utilities (BFD development files)
 binutils-doc - Documentation for the GNU assembler, linker and binary utilities
 binutils-multiarch - Binary utilities that support multi-arch targets
Closes: 308625
Changes:
 binutils (2.15-6) unstable; urgency=low
 .
   * 123_bfd_overflow_fix.dpatch: new patch from Alan Modra to fix BFD
     overflows.  Closes: #308625
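
The class of bug the report describes (a size computed from a count read out of an ELF header wrapping around before it is used for an allocation) is shown below as an added example; it is not code from the report, from BFD, or from the 123_bfd_overflow_fix patch. The function names, the 32-bit size type (matching the i386 system in the report) and the 32-byte entry size are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not BFD code: sizes are 32-bit as on i386, and each
 * table entry is 32 bytes (the size of an Elf32_Phdr). */
#define ENTRY_SIZE 32u

/* Unchecked form: the product wraps modulo 2^32, so a huge count yields a
 * small byte size while later loops would still trust the count. */
uint32_t table_bytes_unchecked(uint32_t count)
{
    return count * ENTRY_SIZE;
}

/* Checked form: returns 0 and sets *bytes only if count * ENTRY_SIZE does
 * not wrap and the table [offset, offset + bytes) lies inside the file. */
int table_bytes_checked(uint32_t count, uint32_t offset,
                        uint32_t file_size, uint32_t *bytes)
{
    if (count == 0 || count > UINT32_MAX / ENTRY_SIZE)
        return -1;                      /* multiplication would wrap */
    uint32_t need = count * ENTRY_SIZE;
    if (offset > file_size || need > file_size - offset)
        return -1;                      /* table runs past end of file */
    *bytes = need;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one sane count and one oversized count. */
    uint32_t counts[] = { 4u, 0x08000001u };
    for (int i = 0; i < 2; i++) {
        uint32_t bytes = 0;
        int rc = table_bytes_checked(counts[i], 52u, 4096u, &bytes);
        printf("count=%#x unchecked=%u checked=%s\n", (unsigned)counts[i],
               (unsigned)table_bytes_unchecked(counts[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The second check matters as much as the first: a count that does not wrap can still describe a table larger than the file that is being parsed.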