Package "binutils-s390x-linux-gnu-dbg"

  binutils (2.38-4ubuntu2.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Incorrect access control
    - debian/patches/CVE-2024-57360.patch: avoid potential
      segmentation fault when displaying symbols without version
      info in binutils/nm.c.
    - CVE-2024-57360
  * SECURITY UPDATE: Stack-based overflow
    - debian/patches/CVE-2025-0840.patch: fixing boundaries
      checking in binutils/objdump.c.
    - CVE-2025-0840

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 05 Feb 2025 12:56:02 -0300

  binutils (2.38-4ubuntu2.6) jammy-security; urgency=medium

  * SECURITY UPDATE: segmentation fault in objdump.c compare_symbols
    - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude
      section and synthetic symbols before attempting to check flavour
      (compare_symbols).
    - CVE-2022-47695
  * SECURITY UPDATE: excessive memory allocation in objdump.c
    - debian/patches/CVE-2022-48063.patch: check that the amount of memory to
      be allocated matches the size of the section
      (load_specific_debug_section).
    - CVE-2022-48063
  * SECURITY UPDATE: Memory leak in find_abstract_instance in dwarf2.c
    - debian/patches/CVE-2022-48065.patch: remove memory leaks due to double
      allocation of the name variable, and free memory before re-assigning a
      new naming variable
    - CVE-2022-48065

 -- Nick Galanis <email address hidden> Tue, 23 Jan 2024 15:08:56 +0000

  binutils (2.38-4ubuntu2.5) jammy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-44840.patch: delete range check (end_cu_tu_entry
      and add_shndx_to_cu_tu_entry) and fill shndx_pool by directly scanning
      pool, rather than indirectly from index entries (process_cu_tu_index).
    - CVE-2022-44840
  * SECURITY UPDATE: heap buffer overflow in dwarf.c
    - debian/patches/CVE-2022-45703-0.patch: combine sanity checks. Calculate
      element counts, not word counts (display_gdb_index).
    - debian/patches/CVE-2022-45703-1.patch: typo fix.
    - CVE-2022-45703
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47007.patch: free dt on failure path
      (stab_demangle_v3_arg).
    - CVE-2022-47007
  * SECURITY UPDATE: memory leak in bucomm.c
    - debian/patches/CVE-2022-47008.patch: free template on all failure paths
      (make_tempdir, make_tempname).
    - CVE-2022-47008
  * SECURITY UPDATE: memory leak in prdbg.c
    - debian/patches/CVE-2022-47010.patch: free "s" on failure path
      (pr_function_type).
    - CVE-2022-47010
  * SECURITY UPDATE: memory leak in stabs.c
    - debian/patches/CVE-2022-47011.patch: free "fields" on failure path
      (parse_stab_struct_fields).
    - CVE-2022-47011

 -- Nick Galanis <email address hidden> Wed, 03 Jan 2024 13:16:50 +0200

  binutils (2.38-4ubuntu2.4) jammy-security; urgency=medium

  * SECURITY UPDATE: reachable assertion failure in dwarf.c
    - debian/patches/CVE-2022-35205.patch: replace assert with a warning
      message (display_debug_names).
    - CVE-2022-35205

  * SECURITY UPDATE: illegal memory access flaw in elf.c while parsing an
    ELF file
    - debian/patches/CVE-2022-4285.patch: Fix an illegal memory access when
      parsing an ELF file containing corrupt symbol version information.
    - CVE-2022-4285

 -- Nick Galanis <email address hidden> Mon, 04 Dec 2023 10:57:50 +0000

  binutils (2.38-4ubuntu2.3) jammy-proposed; urgency=medium

  * SRU: LP: #2022845. Update from the binutils 2.38 branch:
    - Fix PR ld/29435: elf: Reset alignment for each PT_LOAD segment.
    - PowerPC64 pcrel got relocs against local symbols.
    - Fix PR ld/27998: i386: Don't allow GOTOFF relocation against
      IFUNC symbol for PIC.
    - Fix PR ld/29377: x86: Properly check invalid relocation against
      protected symbol.
  * Ignore lto-wrapper warnings when running the testsuite.

 -- Matthias Klose <email address hidden> Sun, 04 Jun 2023 08:49:40 +0200