Hi Moritz, hi Matthias, On Mon, Oct 10, 2016 at 11:47:22PM +0200, Moritz Muehlenhoff wrote: > Source: libiberty > Severity: important > Tags: security > > Several security issues have been reported in libiberty, > the security tracker has additional references: > https://security-tracker.debian.org/tracker/CVE-2016-6131 > https://security-tracker.debian.org/tracker/CVE-2016-4493 > https://security-tracker.debian.org/tracker/CVE-2016-4492 > https://security-tracker.debian.org/tracker/CVE-2016-4491 > https://security-tracker.debian.org/tracker/CVE-2016-4490 > https://security-tracker.debian.org/tracker/CVE-2016-4489 > https://security-tracker.debian.org/tracker/CVE-2016-4488 > https://security-tracker.debian.org/tracker/CVE-2016-4487 > https://security-tracker.debian.org/tracker/CVE-2016-2226 > > These are all fixed in trunk since 2016-08-04, the source > package currently in sid as libiberty-20160807 does not > contain those, though.
I think from the above still two are unfixed with the unstable upload from this morning: CVE-2016-4491: -> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909 -> https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html CVE-2016-6131 -> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696 -> https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143 Regards, Salvatore
