Bug#841234: marked as done (jessie-pu: package libiberty/20141014-1)

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Bug#841234: marked as done (jessie-pu: package libiberty/20141014-1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 13 Jun 2018 20:57:14 +0000
Message-id: <[🔎] handler.841234.D841234.15289232604767.ackdone@bugs.debian.org>
Reply-to: 841234@bugs.debian.org
References: <1528923186.2806.80.camel@adam-barratt.org.uk> <147681557690.8221.9618798494427118183.reportbug@debian>

Your message dated Wed, 13 Jun 2018 21:53:06 +0100
with message-id <1528923186.2806.80.camel@adam-barratt.org.uk>
and subject line Re: Bug#841234: jessie-pu: package libiberty/20141014-1
has caused the Debian Bug report #841234,
regarding jessie-pu: package libiberty/20141014-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
841234: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=841234
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: jessie-pu: package libiberty/20141014-1
From: Anton Gladky <gladk@debian.org>
Date: Tue, 18 Oct 2016 20:32:56 +0200
Message-id: <147681557690.8221.9618798494427118183.reportbug@debian>
Reply-to: gladk@debian.org

Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release team,

libiberty needs to be updated in Jessie, because the newer version
fixes many security issues:

CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131

This package upload is also needed to fix the same CVEs
in the package "ht", which in Jessie has an embedded copy of 
vulnerable version of libiberty (#840358).

Please review an attached patched (full and filtered).

Thanks

Anton

Attachment: libiberty_full.debdiff.tar.xz
Description: application/xz

diff -Nru libiberty-20141014/debian/changelog libiberty-20161017/debian/changelog
--- libiberty-20141014/debian/changelog	2014-10-14 14:24:19.000000000 +0200
+++ libiberty-20161017/debian/changelog	2016-10-18 20:18:45.000000000 +0200
@@ -1,3 +1,38 @@
+libiberty (20161017-1~deb8u1) jessie-proposed-updates; urgency=medium
+
+  * Update to the latest version. Fix security issues.
+    CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
+    CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131
+
+ -- Anton Gladky <gladk@debian.org>  Mon, 17 Oct 2016 21:05:57 +0200
+
+libiberty (20161017-1) unstable; urgency=medium
+
+  * Update to 20161017 (CVE-2016-6131). Closes: #840889.
+  * Don't apply "fixes" which are not yet accepted upstream.
+
+ -- Matthias Klose <doko@debian.org>  Mon, 17 Oct 2016 11:37:08 +0200
+
+libiberty (20161011-1) unstable; urgency=medium
+
+  * Update to 20161011 (security issues fixed: CVE-2016-6131, CVE-2016-4493,
+    CVE-2016-4492, CVE-2016-4491, CVE-2016-4490, CVE-2016-4489, CVE-2016-4488,
+    CVE-2016-4487, CVE-2016-2226. Closes: #840360.
+
+ -- Matthias Klose <doko@debian.org>  Tue, 11 Oct 2016 09:14:23 +0200
+
+libiberty (20160807-1) unstable; urgency=medium
+
+  * Update to 20160807.
+
+ -- Matthias Klose <doko@debian.org>  Sun, 07 Aug 2016 14:03:33 +0200
+
+libiberty (20160215-1) unstable; urgency=medium
+
+  * Update to 20160215.
+
+ -- Matthias Klose <doko@debian.org>  Mon, 15 Feb 2016 20:15:28 +0100
+
 libiberty (20141014-1) unstable; urgency=medium
 
   * Update to 20141014.
diff -Nru libiberty-20141014/debian/patches/use-ldflags.diff libiberty-20161017/debian/patches/use-ldflags.diff
--- libiberty-20141014/debian/patches/use-ldflags.diff	2014-10-14 14:28:49.000000000 +0200
+++ libiberty-20161017/debian/patches/use-ldflags.diff	2016-10-11 09:17:52.000000000 +0200
@@ -2,7 +2,7 @@
 ===================================================================
 --- a/libiberty/Makefile.in
 +++ b/libiberty/Makefile.in
-@@ -415,7 +415,7 @@ TAGS: $(CFILES)
+@@ -416,7 +416,7 @@ etags tags TAGS: etags-subdir
  demangle: $(ALL) $(srcdir)/cp-demangle.c
  	@echo "The standalone demangler, now named c++filt, is now"
  	@echo "a part of binutils."

--- End Message ---

--- Begin Message ---

To: Anton Gladky <gladk@debian.org>

Cc: Julien Cristau <jcristau@debian.org>, 841234-done@bugs.debian.org

Subject: Re: Bug#841234: jessie-pu: package libiberty/20141014-1

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Date: Wed, 13 Jun 2018 21:53:06 +0100

Message-id: <1528923186.2806.80.camel@adam-barratt.org.uk>

In-reply-to: <[🔎] CALF6qJkDQ1KMwrZ8gdrqzmFgJxqFcrksHMZtnfAvsJt6d-YGQw@mail.gmail.com>

References: <147681557690.8221.9618798494427118183.reportbug@debian> <20161217104204.r7va5kofmcnxwlh5@betterave.cristau.org> <[🔎] 1528921057.2806.73.camel@adam-barratt.org.uk> <[🔎] CALF6qJkDQ1KMwrZ8gdrqzmFgJxqFcrksHMZtnfAvsJt6d-YGQw@mail.gmail.com>
On Wed, 2018-06-13 at 22:52 +0200, Anton Gladky wrote:
> Hi Adam,
> 
> I forgot about this bug. Actually I do not have any interest and time
> now to make an upload. So, I think the bug can be closed.
> 

OK, thanks for confirming. Doing so with this message.

Regards,

Adam
--- End Message ---

Reply to:

Prev by Date: Processed: tagging 835873, retitle 835873 to RM: openstreetmap-client -- RoM; broken
Next by Date: Re: blktrace_1.1.0-2+deb9u1_amd64.changes REJECTED
Previous by thread: Processed: tagging 835873, retitle 835873 to RM: openstreetmap-client -- RoM; broken
Next by thread: Re: blktrace_1.1.0-2+deb9u1_amd64.changes REJECTED
Index(es):
- Date
- Thread