
Accepted radare2 2.1.0+dfsg-1 (source amd64 all) into unstable, unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 27 Nov 2017 16:14:43 +0100
Source: radare2
Binary: radare2 libradare2-2.1 libradare2-dev libradare2-common
Architecture: source amd64 all
Version: 2.1.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Sebastian Reichel <sre@debian.org>
Changed-By: Sebastian Reichel <sre@debian.org>
Description:
 libradare2-2.1 - libraries from the radare2 suite
 libradare2-common - arch independent files from the radare2 suite
 libradare2-dev - devel files from the radare2 suite
 radare2    - free and advanced command line hexadecimal editor
Closes: 878767 879119 880024 880025 880616 880619 880620 882134
Changes:
 radare2 (2.1.0+dfsg-1) unstable; urgency=medium
 .
   * New upstream release
    - Fix for CVE-2017-15368 (Closes: #878767)
      The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0
      allows remote attackers to cause a denial of service (stack-based
      buffer over-read and application crash) or possibly have unspecified
      other impact via a crafted WASM file that triggers an incorrect
      r_hex_bin2str call.
    - Fix for CVE-2017-15385 (Closes: #879119)
      The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c
      in radare2 2.0.0 allows remote attackers to cause a denial of service
      (r_read_le16 invalid write and application crash) or possibly have
      unspecified other impact via a crafted ELF file.
    - Fix for CVE-2017-15932 (Closes: #880024)
      In radare2 2.0.1, an integer exception (negative number leading to an
      invalid memory access) exists in store_versioninfo_gnu_verdef() in
      libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF
      version on 32bit systems.
    - Fix for CVE-2017-15931 (Closes: #880025)
      In radare2 2.0.1, an integer exception (negative number leading to an
      invalid memory access) exists in store_versioninfo_gnu_verneed() in
      libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems.
    - Fix for CVE-2017-16359 (Closes: #880616)
      In radare 2.0.1, a pointer wraparound vulnerability exists in
      store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c.
    - Fix for CVE-2017-16358 (Closes: #880619)
      In radare 2.0.1, an out-of-bounds read vulnerability exists in
      string_scan_range() in libr/bin/bin.c when doing a string search.
    - Fix for CVE-2017-16357 (Closes: #880620)
      In radare 2.0.1, a memory corruption vulnerability exists in
      store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in
      libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This
      error is due to improper sh_size validation when allocating memory.
    - Fix for CVE-2017-16805 (Closes: #882134)
      In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a
      denial of service (invalid read and application crash) via a crafted
      ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and
      sdb_set_internal in shlr/sdb/src/sdb.c.
   * Update Debian Standards Version to 4.1.1
Files:
 2e65f11424ffa1ca83aaada3c74fbcca 2269 devel extra radare2_2.1.0+dfsg-1.dsc
 114e6178bd4897da63bda78c462fb29a 3505288 devel extra radare2_2.1.0+dfsg.orig.tar.xz
 efcab22d60f646a8cb202be8d725cbf8 13696 devel extra radare2_2.1.0+dfsg-1.debian.tar.xz
 fe810d9eded37aa61b7c9e6d8402d846 10336124 debug optional libradare2-2.1-dbgsym_2.1.0+dfsg-1_amd64.deb
 68ace270e07865f09a59e8faf2378e9e 2434780 libs extra libradare2-2.1_2.1.0+dfsg-1_amd64.deb
 27c9045eafa29118c6cae4f83aed5e23 543788 devel extra libradare2-common_2.1.0+dfsg-1_all.deb
 f78b8003e9a61bb99eeb896684aea688 155040 libdevel extra libradare2-dev_2.1.0+dfsg-1_amd64.deb
 38563f40c8872933da37a3811b9cb44b 330916 debug optional radare2-dbgsym_2.1.0+dfsg-1_amd64.deb
 ff75a9e60ed78a70e4a2235df58a4f80 8779 devel extra radare2_2.1.0+dfsg-1_amd64.buildinfo
 9e260be5047f0aa8c7953fa47ca0cadb 164168 devel extra radare2_2.1.0+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

