-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Nov 2017 16:14:43 +0100 Source: radare2 Binary: radare2 libradare2-2.1 libradare2-dev libradare2-common Architecture: source amd64 all Version: 2.1.0+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Sebastian Reichel <sre@debian.org> Changed-By: Sebastian Reichel <sre@debian.org> Description: libradare2-2.1 - libraries from the radare2 suite libradare2-common - arch independent files from the radare2 suite libradare2-dev - devel files from the radare2 suite radare2 - free and advanced command line hexadecimal editor Closes: 878767 879119 880024 880025 880616 880619 880620 882134 Changes: radare2 (2.1.0+dfsg-1) unstable; urgency=medium . * New upstream release - Fix for CVE-2017-15368 (Closes: #878767) The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers an incorrect r_hex_bin2str call. - Fix for CVE-2017-15385 (Closes: #879119) The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c in radare2 2.0.0 allows remote attackers to cause a denial of service (r_read_le16 invalid write and application crash) or possibly have unspecified other impact via a crafted ELF file. - Fix for CVE-2017-15932 (Closes: #880024) In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c via crafted ELF files when parsing the ELF version on 32bit systems. - Fix for CVE-2017-15931 (Closes: #880025) In radare2 2.0.1, an integer exception (negative number leading to an invalid memory access) exists in store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c via crafted ELF files on 32bit systems. - Fix for CVE-2017-16359 (Closes: #880616) In radare 2.0.1, a pointer wraparound vulnerability exists in store_versioninfo_gnu_verdef() in libr/bin/format/elf/elf.c. - Fix for CVE-2017-16358 (Closes: #880619) In radare 2.0.1, an out-of-bounds read vulnerability exists in string_scan_range() in libr/bin/bin.c when doing a string search. - Fix for CVE-2017-16357 (Closes: #880620) In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory. - Fix for CVE-2017-16805 (Closes: #882134) In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file, related to r_bin_dwarf_parse_comp_unit in dwarf.c and sdb_set_internal in shlr/sdb/src/sdb.c. * Update Debian Standards Version to 4.1.1 Checksums-Sha1: 49a863dd533ac81be0fd7c66f11380b3bd89b31e 2269 radare2_2.1.0+dfsg-1.dsc f5df7074eb4e840c5a589a7db3bfa4299181371f 3505288 radare2_2.1.0+dfsg.orig.tar.xz 7d497f28cb56ae148d53bc65a245622ff4c4daa6 13696 radare2_2.1.0+dfsg-1.debian.tar.xz 93f14782ae0f4452ff2dc262b7de74b402099587 10336124 libradare2-2.1-dbgsym_2.1.0+dfsg-1_amd64.deb 6441c4ddaa2657f1350ceda20eed7891db44ca11 2434780 libradare2-2.1_2.1.0+dfsg-1_amd64.deb 90166c4557803d9a8465d457bb123541f6434f47 543788 libradare2-common_2.1.0+dfsg-1_all.deb 2ebe4d82e74a6725d1f1f31f23a56916177880f3 155040 libradare2-dev_2.1.0+dfsg-1_amd64.deb b3c1497df1a0a9391fe628d3156a5fba1bdf6d57 330916 radare2-dbgsym_2.1.0+dfsg-1_amd64.deb cb702eac5ba76008b8f636445e023fcae155771d 8779 radare2_2.1.0+dfsg-1_amd64.buildinfo 12e0e7c23f34ecf0fe8c19a500cb5a7d0d9a9601 164168 radare2_2.1.0+dfsg-1_amd64.deb Checksums-Sha256: cfa5b321764d315d13a015e4d6d4683e6b7e7a8453bd7d2b5c40c70746f5ca37 2269 radare2_2.1.0+dfsg-1.dsc 83aad992b0c26f67f20f29999a8be4ecbd7e1864fc733d22415a90c333840c59 3505288 radare2_2.1.0+dfsg.orig.tar.xz 5defa20334383570febf06ad10d6ab6574f1c2a2d900192a5bf4fd1a2b5c47b8 13696 radare2_2.1.0+dfsg-1.debian.tar.xz 6264c9c04cc926d8a840b97cc72132240dd58b2765091cf2e7da0b416595fca0 10336124 libradare2-2.1-dbgsym_2.1.0+dfsg-1_amd64.deb ce9733a4704e372dc0ef784b1dbdadc62459b70e66db66543208d741708b3622 2434780 libradare2-2.1_2.1.0+dfsg-1_amd64.deb fed282ee405748686ffb7bf8f02e1eb025d075fc25e96e086e0c9da1485a5bba 543788 libradare2-common_2.1.0+dfsg-1_all.deb fc34e84f207814c65695324e3315283961572fcef9e993fb84d3d33e8351cd0f 155040 libradare2-dev_2.1.0+dfsg-1_amd64.deb fd763b07994d89dfd86ff9f8ee6a2f8a74ba5f8edc0608746fd89b0ef2c6a3b3 330916 radare2-dbgsym_2.1.0+dfsg-1_amd64.deb 21bbba39ad39effba9fcf9aef675f7e561e7498ebb51976422c68f299d461463 8779 radare2_2.1.0+dfsg-1_amd64.buildinfo c1704640332a28afe07e1b4a858658220ef8f1c4fc872c997e516e1d247e13bb 164168 radare2_2.1.0+dfsg-1_amd64.deb Files: 2e65f11424ffa1ca83aaada3c74fbcca 2269 devel extra radare2_2.1.0+dfsg-1.dsc 114e6178bd4897da63bda78c462fb29a 3505288 devel extra radare2_2.1.0+dfsg.orig.tar.xz efcab22d60f646a8cb202be8d725cbf8 13696 devel extra radare2_2.1.0+dfsg-1.debian.tar.xz fe810d9eded37aa61b7c9e6d8402d846 10336124 debug optional libradare2-2.1-dbgsym_2.1.0+dfsg-1_amd64.deb 68ace270e07865f09a59e8faf2378e9e 2434780 libs extra libradare2-2.1_2.1.0+dfsg-1_amd64.deb 27c9045eafa29118c6cae4f83aed5e23 543788 devel extra libradare2-common_2.1.0+dfsg-1_all.deb f78b8003e9a61bb99eeb896684aea688 155040 libdevel extra libradare2-dev_2.1.0+dfsg-1_amd64.deb 38563f40c8872933da37a3811b9cb44b 330916 debug optional radare2-dbgsym_2.1.0+dfsg-1_amd64.deb ff75a9e60ed78a70e4a2235df58a4f80 8779 devel extra radare2_2.1.0+dfsg-1_amd64.buildinfo 9e260be5047f0aa8c7953fa47ca0cadb 164168 devel extra radare2_2.1.0+dfsg-1_amd64.deb -----BEGIN PGP SIGNATURE----- iQJDBAEBCAAtFiEE72YNB0Y/i3JqeVQT2O7X88g7+poFAlocPecPHHNyZUBkZWJp YW4ub3JnAAoJENju1/PIO/qaBugP+gJn4EvP43gOhS5+dXTbZlaVlooX39LYkLRQ 5dG+YKraMUaDjYnpoSVQknkAsZf3KO88h8wikxa9MAEVnQFEhfL1ojT4eW/Y2Oo8 hbUOEMCGuGVcYGSGvesaDXXBK4VU4pwnS4e4mD5kUHnVBHiNF4YPYtoq66HTs7KX HDZwhs99UCKPi0m7KfjYanGrf1P475Co3wIW5d2MtJ9FeXGwY9lYfjxlXiiNZ/6x +Hy4OKWPTP/47U5TS+dPgyJTFH+MUixPlqc7g6edZksOuJ4+CfUtGPcOGwIVDm70 9ms/l4pb7XbQSy83Uqk5meWOA7mi+1r2Jt79VCz/T8IRdB7SJQqSa2ffb6Srmka7 LGrCL79D9dcV5Xh/7Lm7qP3f7A/G/tOC29rQwndXTuIoWt93Cmtn+JEEJ6Jd2xGD hhtiyR9hlLANvGdQTYUopYqv2KvhyEM+IOzXLxJ4YERwRVc5gbXb9HVxi+SYHp1T 4mc4hcvF/A1jyP44m8a3WQJdZuvSbTOk6qAsxqcJ4JdWHGMOQzxjQpjJqoxmBmnP Q1XWDUnyu1IFm1R6T7MNZ3gxlR7Mwk8F1ajDTPFQ7UNI7oCQTPi/9lST3urcQjNp jnrMjq1EPGiX1v8/CT2QJy+tjLxVpaa+KeAKD24VjyK80AP1opKfYjQ2mS7xl2ge GGkdHH+A =yhQm -----END PGP SIGNATURE-----
