Your message dated Wed, 13 Jun 2018 21:53:06 +0100 with message-id <1528923186.2806.80.camel@adam-barratt.org.uk> and subject line Re: Bug#841234: jessie-pu: package libiberty/20141014-1 has caused the Debian Bug report #841234, regarding jessie-pu: package libiberty/20141014-1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 841234: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841234 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: jessie-pu: package libiberty/20141014-1
- From: Anton Gladky <gladk@debian.org>
- Date: Tue, 18 Oct 2016 20:32:56 +0200
- Message-id: <147681557690.8221.9618798494427118183.reportbug@debian>
- Reply-to: gladk@debian.org
Package: release.debian.org Severity: normal Tags: jessie User: release.debian.org@packages.debian.org Usertags: pu Dear release team, libiberty needs to be updated in Jessie, because the newer version fixes many security issues: CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131 This package upload is also needed to fix the same CVEs in the package "ht", which in Jessie has an embedded copy of vulnerable version of libiberty (#840358). Please review an attached patched (full and filtered). Thanks AntonAttachment: libiberty_full.debdiff.tar.xz
Description: application/xzdiff -Nru libiberty-20141014/debian/changelog libiberty-20161017/debian/changelog --- libiberty-20141014/debian/changelog 2014-10-14 14:24:19.000000000 +0200 +++ libiberty-20161017/debian/changelog 2016-10-18 20:18:45.000000000 +0200 @@ -1,3 +1,38 @@ +libiberty (20161017-1~deb8u1) jessie-proposed-updates; urgency=medium + + * Update to the latest version. Fix security issues. + CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490 + CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131 + + -- Anton Gladky <gladk@debian.org> Mon, 17 Oct 2016 21:05:57 +0200 + +libiberty (20161017-1) unstable; urgency=medium + + * Update to 20161017 (CVE-2016-6131). Closes: #840889. + * Don't apply "fixes" which are not yet accepted upstream. + + -- Matthias Klose <doko@debian.org> Mon, 17 Oct 2016 11:37:08 +0200 + +libiberty (20161011-1) unstable; urgency=medium + + * Update to 20161011 (security issues fixed: CVE-2016-6131, CVE-2016-4493, + CVE-2016-4492, CVE-2016-4491, CVE-2016-4490, CVE-2016-4489, CVE-2016-4488, + CVE-2016-4487, CVE-2016-2226. Closes: #840360. + + -- Matthias Klose <doko@debian.org> Tue, 11 Oct 2016 09:14:23 +0200 + +libiberty (20160807-1) unstable; urgency=medium + + * Update to 20160807. + + -- Matthias Klose <doko@debian.org> Sun, 07 Aug 2016 14:03:33 +0200 + +libiberty (20160215-1) unstable; urgency=medium + + * Update to 20160215. + + -- Matthias Klose <doko@debian.org> Mon, 15 Feb 2016 20:15:28 +0100 + libiberty (20141014-1) unstable; urgency=medium * Update to 20141014. diff -Nru libiberty-20141014/debian/patches/use-ldflags.diff libiberty-20161017/debian/patches/use-ldflags.diff --- libiberty-20141014/debian/patches/use-ldflags.diff 2014-10-14 14:28:49.000000000 +0200 +++ libiberty-20161017/debian/patches/use-ldflags.diff 2016-10-11 09:17:52.000000000 +0200 @@ -2,7 +2,7 @@ =================================================================== --- a/libiberty/Makefile.in +++ b/libiberty/Makefile.in -@@ -415,7 +415,7 @@ TAGS: $(CFILES) +@@ -416,7 +416,7 @@ etags tags TAGS: etags-subdir demangle: $(ALL) $(srcdir)/cp-demangle.c @echo "The standalone demangler, now named c++filt, is now" @echo "a part of binutils."
--- End Message ---
--- Begin Message ---
- To: Anton Gladky <gladk@debian.org>
- Cc: Julien Cristau <jcristau@debian.org>, 841234-done@bugs.debian.org
- Subject: Re: Bug#841234: jessie-pu: package libiberty/20141014-1
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Wed, 13 Jun 2018 21:53:06 +0100
- Message-id: <1528923186.2806.80.camel@adam-barratt.org.uk>
- In-reply-to: <[🔎] CALF6qJkDQ1KMwrZ8gdrqzmFgJxqFcrksHMZtnfAvsJt6d-YGQw@mail.gmail.com>
- References: <147681557690.8221.9618798494427118183.reportbug@debian> <20161217104204.r7va5kofmcnxwlh5@betterave.cristau.org> <[🔎] 1528921057.2806.73.camel@adam-barratt.org.uk> <[🔎] CALF6qJkDQ1KMwrZ8gdrqzmFgJxqFcrksHMZtnfAvsJt6d-YGQw@mail.gmail.com>
On Wed, 2018-06-13 at 22:52 +0200, Anton Gladky wrote: > Hi Adam, > > I forgot about this bug. Actually I do not have any interest and time > now to make an upload. So, I think the bug can be closed. > OK, thanks for confirming. Doing so with this message. Regards, Adam
--- End Message ---