On Fri, May 27, 2005 at 01:29:17PM +0200, Martin Pitt wrote: > Package: gdb > Version: 6.3-5 > Severity: grave > Tags: security patch > Justification: user security hole > > Hi! > > gdb is vulnerable against two flaws. Please see > > https://www.ubuntulinux.org/support/documentation/usn/usn-135-1 > > for details and > > http://patches.ubuntu.com/patches/gdb.CAN-2005-1704_1705.diff > > for the Ubuntu patch. This patch fixes not only the integer overflow, > but also adds some robustness checking to not crash on various types > of crafted ELF files.
FYI, you have included two changes to elf.c which were not included in the upstream source. Neither appears to be necessary, and certainly neither is a security fix - both are NULL checks immediately preceeding dereferences. Otherwise the BFD patch looks generally fine. The .gdbinit portion needs to be discussed by the GDB maintainers before it can be included upstream, though there will probably not be a problem. But that bit is fine for Debian's purposes. -- Daniel Jacobowitz CodeSourcery, LLC -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
