Package not found: devel:languages:python:backports/python-combi
Overview

File project.diff of Package elfutils

--- elfutils.changes.orig
+++ elfutils.changes
@@ -68,8 +68,14 @@ Mon Feb 18 07:47:27 UTC 2019 - Martin Li
 
   backends: riscv improved core file and return value location support.
 
-  Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150,
-        CVE-2019-7664, CVE-2019-7665
+  Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
+
+  - CVE-2019-7150: dwfl_segment_report_module doesn't check whether
+    the dyn data read from core file is truncated (bnc#1123685)
+
+  - CVE-2019-7665: NT_PLATFORM core file note should be a zero
+    terminated string (CVE is a bit misleading, as this is not a bug
+    in libelf as described) (bnc#1125007)
 
 -------------------------------------------------------------------
 Fri Nov 16 13:28:34 UTC 2018 - Martin Liška <mliska@suse.cz>
@@ -92,7 +98,14 @@ Fri Nov 16 13:28:34 UTC 2018 - Martin Li
   backends: RISCV handles ADD/SUB relocations.
             Handle SHT_X86_64_UNWIND.
 
-  Fixes CVE-2018-18310, CVE-2018-18520 and CVE-2018-18521.
+  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
+    function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
+
+  - CVE-2018-18310: Invalid Address Read problem in
+    dwfl_segment_report_module.c (bnc#1111973)
+
+  - CVE-2018-18520: eu-size: Bad handling of ar files inside are
+    files (bnc#1112726)
 
 - remove disable-backtrace-dwarf-test.patch patch - the test
   works now
@@ -123,6 +136,15 @@ Mon Sep 17 10:21:35 UTC 2018 - Martin Li
   backends: RISCV and M68K now have backend implementations to
             generate CFI based backtraces.
 
+  - CVE-2018-16402: libelf: denial of service/double free on an
+    attempt to decompress the same section twice (bnc#1107066)
+    Double-free crash in nm and readelf
+
+  - CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
+
+  - CVE-2018-16062: heap-buffer-overflow in
+    /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
+
 -------------------------------------------------------------------
 Wed Aug 15 12:37:46 UTC 2018 - antoine.belvire@opensuse.org
 
@@ -244,6 +266,20 @@ Fri Mar  9 09:21:05 UTC 2018 - rguenther
   backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
             Frame pointer unwinding fallback support for i386, x86_64, aarch64.
   translations: Update Polish translation.
+  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
+    application crash) via a crafted ELF file (bnc#1033088)
+  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group
+    (bnc#1033087)
+  - CVE-2017-7609: memory allocation failure in __libelf_decompress
+    (bnc#1033086)
+  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
+    (readelf.c) (bnc#1033084)
+  - CVE-2017-7608: heap-based buffer overflow in
+    ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
+  - CVE-2017-7613: elfutils: denial of service (memory consumption)
+    via a crafted ELF file (bnc#1033090)
+  - CVE-2017-7612: elfutils: denial of service (heap-based buffer
+    over-read and application crash) via a crafted ELF file (bnc#1033089)
 - Remove obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
   and ppc-machine-flags.patch
 - Add elfutils-0.170-stripnothing.patch to robustify test and avoid a FAIL.
openSUSE Build Service is sponsored by
Places