Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

libiberty needs to be updated in Jessie, because the newer version fixes many security issues:

CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131

This package upload is also needed to fix the same CVEs in the package "ht", which in Jessie has an embedded copy of a vulnerable version of libiberty (#840358).

Please review the attached patch (full and filtered).

Thanks

Anton
Attachment:
libiberty_full.debdiff.tar.xz
Description: application/xz
diff -Nru libiberty-20141014/debian/changelog libiberty-20161017/debian/changelog --- libiberty-20141014/debian/changelog 2014-10-14 14:24:19.000000000 +0200 +++ libiberty-20161017/debian/changelog 2016-10-18 20:18:45.000000000 +0200 @@ -1,3 +1,38 @@ +libiberty (20161017-1~deb8u1) jessie-proposed-updates; urgency=medium + + * Update to the latest version. Fix security issues. + CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 + CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131 + + -- Anton Gladky <gladk@debian.org> Mon, 17 Oct 2016 21:05:57 +0200 + +libiberty (20161017-1) unstable; urgency=medium + + * Update to 20161017 (CVE-2016-6131). Closes: #840889. + * Don't apply "fixes" which are not yet accepted upstream. + + -- Matthias Klose <doko@debian.org> Mon, 17 Oct 2016 11:37:08 +0200 + +libiberty (20161011-1) unstable; urgency=medium + + * Update to 20161011 (security issues fixed: CVE-2016-6131, CVE-2016-4493, + CVE-2016-4492, CVE-2016-4491, CVE-2016-4490, CVE-2016-4489, CVE-2016-4488, + CVE-2016-4487, CVE-2016-2226. Closes: #840360. + + -- Matthias Klose <doko@debian.org> Tue, 11 Oct 2016 09:14:23 +0200 + +libiberty (20160807-1) unstable; urgency=medium + + * Update to 20160807. + + -- Matthias Klose <doko@debian.org> Sun, 07 Aug 2016 14:03:33 +0200 + +libiberty (20160215-1) unstable; urgency=medium + + * Update to 20160215. + + -- Matthias Klose <doko@debian.org> Mon, 15 Feb 2016 20:15:28 +0100 + libiberty (20141014-1) unstable; urgency=medium * Update to 20141014. diff -Nru libiberty-20141014/debian/patches/use-ldflags.diff libiberty-20161017/debian/patches/use-ldflags.diff --- libiberty-20141014/debian/patches/use-ldflags.diff 2014-10-14 14:28:49.000000000 +0200 +++ libiberty-20161017/debian/patches/use-ldflags.diff 2016-10-11 09:17:52.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- a/libiberty/Makefile.in 
+++ b/libiberty/Makefile.in -@@ -415,7 +415,7 @@ TAGS: $(CFILES) +@@ -416,7 +416,7 @@ etags tags TAGS: etags-subdir demangle: $(ALL) $(srcdir)/cp-demangle.c @echo "The standalone demangler, now named c++filt, is now" @echo "a part of binutils."
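Review bot: The new 20161017-1~deb8u1 entry at the top of debian/changelog lists eight CVEs, but the 20161011-1 entry further down in the same hunk also names CVE-2016-4491 among the security issues fixed, and that ID is missing from the jessie entry. If the fix for CVE-2016-4491 is part of this upload, add it to the deb8u1 list so the upload is recorded against it; if it is left out on purpose, say so in the entry. The deb8u1 entry also carries no Closes: reference, while the unstable entries it builds on close #840889 and #840360.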