Bug#840360: Multiple security issues

[Salvatore Bonaccorso <carnil@debian.org>]

Hi Moritz, hi Matthias,

On Mon, Oct 10, 2016 at 11:47:22PM +0200, Moritz Muehlenhoff wrote:
> Source: libiberty
> Severity: important
> Tags: security
> 
> Several security issues have been reported in libiberty,
> the security tracker has additional references:
> https://security-tracker.debian.org/tracker/CVE-2016-6131
> https://security-tracker.debian.org/tracker/CVE-2016-4493
> https://security-tracker.debian.org/tracker/CVE-2016-4492
> https://security-tracker.debian.org/tracker/CVE-2016-4491
> https://security-tracker.debian.org/tracker/CVE-2016-4490
> https://security-tracker.debian.org/tracker/CVE-2016-4489
> https://security-tracker.debian.org/tracker/CVE-2016-4488
> https://security-tracker.debian.org/tracker/CVE-2016-4487
> https://security-tracker.debian.org/tracker/CVE-2016-2226
> 
> These are all fixed in trunk since 2016-08-04, the source
> package currently in sid as libiberty-20160807 does not
> contain those, though.

I think from the above still two are unfixed with the unstable upload
from this morning:

CVE-2016-4491:
-> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
-> https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html

CVE-2016-6131
-> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
-> https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143

Regards,
Salvatore