[ubuntu/plucky-proposed] elfutils 0.192-4ubuntu1 (Accepted)

Fabian Toepfer fabian.toepfer at canonical.com
Mon Mar 17 14:28:27 UTC 2025 

elfutils (0.192-4ubuntu1) plucky; urgency=medium

  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2025-1365.patch: Use validate_str also to check
      dynamic symstr data.
    - CVE-2025-1365
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1371.patch: Handle NULL phdr in
      handle_dynamic_symtab.
    - CVE-2025-1371
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1372.patch: Skip trying to uncompress
      sections without a name.
    - CVE-2025-1372
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2025-1377.patch: Verify symbol table is a real
      symbol table.
    - CVE-2025-1377

Date: Fri, 14 Mar 2025 14:56:13 +0100
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/elfutils/0.192-4ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 14 Mar 2025 14:56:13 +0100
Source: elfutils
Built-For-Profiles: noudeb
Architecture: source
Version: 0.192-4ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
Changes:
 elfutils (0.192-4ubuntu1) plucky; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow
     - debian/patches/CVE-2025-1365.patch: Use validate_str also to check
       dynamic symstr data.
     - CVE-2025-1365
   * SECURITY UPDATE: null pointer dereference
     - debian/patches/CVE-2025-1371.patch: Handle NULL phdr in
       handle_dynamic_symtab.
     - CVE-2025-1371
   * SECURITY UPDATE: null pointer dereference
     - debian/patches/CVE-2025-1372.patch: Skip trying to uncompress
       sections without a name.
     - CVE-2025-1372
   * SECURITY UPDATE: null pointer dereference
     - debian/patches/CVE-2025-1377.patch: Verify symbol table is a real
       symbol table.
     - CVE-2025-1377
Checksums-Sha1:
 60220b216b613f0ae778c168ae9921c98b6dc11c 3397 elfutils_0.192-4ubuntu1.dsc
 752aca90c006aa6e8c9ca68d318e00be6618da01 47428 elfutils_0.192-4ubuntu1.debian.tar.xz
 6424ae1ec4d595072a3fdcb47fd94126079c4963 9675 elfutils_0.192-4ubuntu1_source.buildinfo
Checksums-Sha256:
 3ec05c47e85866a1e899011493d2306fcaee9caa70f1eeaf75de7f453394ccf3 3397 elfutils_0.192-4ubuntu1.dsc
 c28becc065a09723f9f5b53cd1112d0cdce16ff78cdf8d477a14be6f8b8be909 47428 elfutils_0.192-4ubuntu1.debian.tar.xz
 445b3f5e640ecd00a81c010b9625629a148b021abf915843047d1e3aadf20e6e 9675 elfutils_0.192-4ubuntu1_source.buildinfo
Files:
 e8e91dbb6d9cd3b3179b9a9a096639dd 3397 libs optional elfutils_0.192-4ubuntu1.dsc
 621d6fe1d2f7281191b996fd76948d34 47428 libs optional elfutils_0.192-4ubuntu1.debian.tar.xz
 d009051bd63b3227b30a39e309e70c6d 9675 libs optional elfutils_0.192-4ubuntu1_source.buildinfo
Original-Maintainer: Debian Elfutils Maintainers <debian-gcc at lists.debian.org>

More information about the plucky-changes mailing list