[ubuntu/trusty-updates] gdb 7.7.1-0ubuntu5~14.04.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jul 26 16:58:19 UTC 2017 

gdb (7.7.1-0ubuntu5~14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via invalid value in NumberOfRvaAndSizes field
    - debian/patches/CVE-2014-8501.patch: add check to bfd/peXXigen.c.
    - CVE-2014-8501
  * SECURITY UPDATE: stack overflow when printing bad bytes
    - debian/patches/CVE-2014-9939.patch: fix escape sequences in
      bfd/ihex.c, bfd/srec.c.
    - CVE-2014-9939
  * SECURITY UPDATE: integer overflow in string_appends
    - debian/patches/CVE-2016-2226.patch: check for overflow in
      libiberty/cplus-dem.c, added xmalloc_failed to
      gdb/common/common-utils.c.
    - CVE-2016-2226
  * SECURITY UPDATE: use-after-free vulberabilities
    - debian/patches/CVE-2016-4487_4488.patch: set bsize and ksize in
      libiberty/cplus-dem.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-4487
    - CVE-2016-4488
  * SECURITY UPDATE: integer overflow in gnu_special
    - debian/patches/CVE-2016-4489.patch: handle case where consume_count
      returns -1 in libiberty/cplus-dem.c.
    - CVE-2016-4489
  * SECURITY UPDATE: integer overflow after sanity checks
    - debian/patches/CVE-2016-4490.patch: parse numbers as integer instead
      of long in libiberty/cp-demangle.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-4490
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-4491-1.patch: limit recursion in
      include/demangle.h, libiberty/cp-demangle.c, libiberty/cp-demint.c,
      added test to libiberty/testsuite/demangle-expected. 
    - debian/patches/CVE-2016-4491-2.patch: limit more recursion in
      libiberty/cp-demangle.c.
    - debian/patches/CVE-2016-4491-3.patch: initialize d_printing in
      gdb/cp-name-parser.y, libiberty/cp-demangle.c.
    - CVE-2016-4491
  * SECURITY UPDATE: buffer overflow in do_type
    - debian/patches/CVE-2016-4492_4493.patch: properly handle large values
      and overflow in libiberty/cplus-dem.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-4492
    - CVE-2016-4493
  * SECURITY UPDATE: denial of service via infinite recursion
    - debian/patches/CVE-2016-6131.patch: prevent infinite recursion in
      libiberty/cplus-dem.c, added test to
      libiberty/testsuite/demangle-expected.
    - CVE-2016-6131

Date: 2017-06-09 20:08:14.376516+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/gdb/7.7.1-0ubuntu5~14.04.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list