Debian Package Tracker

general

source: dwarfutils (main)
version: 20180809-1
maintainer: Fabian Wolff (DMD) (DM)
arch: any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 20120410-2+deb8u1
oldstable: 20161124-1+deb9u1
stable: 20180809-1
testing: 20180809-1
unstable: 20180809-1

versioned links

20120410-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20161124-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
20180809-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dwarfdump (1 bugs: 0, 1, 0, 0)
libdwarf-dev
libdwarf1

action needed

A new upstream version is available: 20190529 high

A new upstream version 20190529 is available, you should consider packaging it.

Created: 2018-11-02 Last update: 2019-08-22 19:05

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 20190529-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit dde8359f4944312167bc948afa02809a10a3f3cd
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Sun Jul 14 15:32:43 2019 +0200

    Update symbols file

commit 67968f1c1a062c05881ef544587455f3b878a44c
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Sun Jul 14 14:39:38 2019 +0200

    Remove 00-fix-flags.patch

commit 291b1546ab315953713332013a00f7f410523221
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Sun Jul 14 14:37:16 2019 +0200

    Upgrade to Standards-Version 4.4.0

commit 5a4bdb101231b0fbf9ceb020208c32cf4cf6c6ec
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Sun Jul 14 14:34:33 2019 +0200

    Add new changelog entry for 20190529-1

commit 77ff1b181c5245f1475665b7cae54a7e9bda8a51
Merge: 5197dc9 ff3f573
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Sun Jul 14 14:26:48 2019 +0200

    Update upstream source from tag 'upstream/20190529'
    
    Update to upstream version '20190529'
    with Debian dir b000fd492565f1e01a218c0c24a27ddb5a9adc78

commit ff3f57390ecd840e507e66b8b556a3e3f3dedbe3
Author: Fabian Wolff <fabi.wolff@arcor.de>
Date:   Sun Jul 14 14:26:35 2019 +0200

    New upstream version 20190529

https://salsa.debian.org/api/v4/projects/wolff-guest%2Fdwarfutils.git%2F API request failed: 404 Not Found at /srv/qa.debian.org/data/vcswatch/vcswatch line 387.

Created: 2019-07-15 Last update: 2019-08-22 10:00

26 ignored security issues in jessie low

There are 26 open security issues in jessie.

26 issues skipped by the security teams:

CVE-2016-8680: The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CVE-2016-5043: The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.
CVE-2016-5035: The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-5037: The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2016-5041: dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.
CVE-2016-9480: libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.
CVE-2016-9558: (1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."
CVE-2017-9055: An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.
CVE-2016-7510: The read_line_table_program function in dwarf_line_table_reader_common.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via crafted input.
CVE-2016-9276: The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).
CVE-2016-5031: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-5027: dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.
CVE-2016-5028: The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.
CVE-2016-8679: The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CVE-2017-9054: An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.
CVE-2016-5044: The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.
CVE-2016-5029: The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.
CVE-2016-5030: The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
CVE-2016-5040: libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.
CVE-2016-5033: The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
CVE-2016-8681: The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
CVE-2017-9053: An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).
CVE-2016-5032: The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2017-9052: An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().
CVE-2017-9998: The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.
CVE-2016-7511: Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows remote attackers to cause a denial of service (crash) via a crafted file.

Please fix them.

Created: 2015-12-10 Last update: 2019-08-07 09:34

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2019-07-08 20:07

news

[rss feed]

[2018-09-01] dwarfutils 20180809-1 MIGRATED to testing (Debian testing watch)
[2018-08-29] Accepted dwarfutils 20180809-1 (source amd64) into unstable (Fabian Wolff)
[2018-06-03] dwarfutils 20180527-1 MIGRATED to testing (Debian testing watch)
[2018-06-01] Accepted dwarfutils 20180527-1 (source amd64) into unstable (Fabian Wolff)
[2018-02-24] dwarfutils 20180129-1 MIGRATED to testing (Debian testing watch)
[2018-02-17] Accepted dwarfutils 20180129-1 (source amd64) into unstable (Fabian Wolff)
[2017-07-23] dwarfutils 20170709-1 MIGRATED to testing (Debian testing watch)
[2017-07-15] Accepted dwarfutils 20161124-1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Fabian Wolff) (signed by: Daniel Stender)
[2017-07-14] Accepted dwarfutils 20170709-1 (source) into unstable (Fabian Wolff) (signed by: Daniel Stender)
[2017-07-13] dwarfutils 20170416-3 MIGRATED to testing (Debian testing watch)
[2017-07-07] Accepted dwarfutils 20170416-3 (source) into unstable (Fabian Wolff) (signed by: Daniel Stender)
[2017-06-23] dwarfutils 20170416-2 MIGRATED to testing (Debian testing watch)
[2017-06-18] Accepted dwarfutils 20170416-2 (source) into unstable (Daniel Stender)
[2017-04-18] Accepted dwarfutils 20170416-1 (source) into experimental (Daniel Stender)
[2016-12-03] dwarfutils 20161124-1 MIGRATED to testing (Debian testing watch)
[2016-11-28] Accepted dwarfutils 20161124-1 (source) into unstable (Fabian Wolff) (signed by: Daniel Stender)
[2016-11-03] dwarfutils 20161021-1 MIGRATED to testing (Debian testing watch)
[2016-10-28] Accepted dwarfutils 20161021-1 (source) into unstable (Daniel Stender)
[2016-10-27] dwarfutils 20161001-2 MIGRATED to testing (Debian testing watch)
[2016-10-21] Accepted dwarfutils 20161001-2 (source) into unstable (Fabian Wolff) (signed by: Daniel Stender)
[2016-10-19] Accepted dwarfutils 20120410-2+deb7u2 (source amd64) into oldstable (Daniel Stender)
[2016-10-11] dwarfutils 20161001-1 MIGRATED to testing (Debian testing watch)
[2016-10-06] dwarfutils 20160929-1 MIGRATED to testing (Debian testing watch)
[2016-10-05] Accepted dwarfutils 20161001-1 (source) into unstable (Fabian Wolff) (signed by: Daniel Stender)
[2016-09-30] Accepted dwarfutils 20160929-1 (source) into unstable (Daniel Stender)
[2016-09-25] Accepted dwarfutils 20160923-1 (source) into unstable (Fabian Wolff) (signed by: Daniel Stender)
[2016-09-24] Accepted dwarfutils 20120410-2+deb7u1 (source amd64) into oldstable (Chris Lamb)
[2016-09-10] Accepted dwarfutils 20120410-2+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates (Fabian Wolff) (signed by: Daniel Stender)
[2016-07-02] dwarfutils 20160613-3 MIGRATED to testing (Debian testing watch)
[2016-06-26] Accepted dwarfutils 20160613-3 (source amd64) into unstable (Fabian Wolff) (signed by: Daniel Stender)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 20180809-1