Dear release team,

libiberty needs to be updated in Jessie, because the newer version
fixes many security issues:

CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131

Also libiberty is statically linked against "ht", which should
also be updated in order to fix the same CVEs, because ht used
an embedded copy of libiberty (#840358).

Please review the attached patch (filtered).

Thanks

Anton
diff -Nru libiberty-20141014/debian/changelog libiberty-20161017/debian/changelog
--- libiberty-20141014/debian/changelog	2014-10-14 14:24:19.000000000 +0200
+++ libiberty-20161017/debian/changelog	2016-10-17 21:05:57.000000000 +0200
@@ -1,3 +1,38 @@
+libiberty (20161017-1+deb8u1) jessie-proposed-updates; urgency=medium
+
+  * Update to the latest version. Fix security issues.
+    CVE-2016-4487 CVE-2016-4488 CVE-2016-4489 CVE-2016-4490
+    CVE-2016-4492 CVE-2016-4493 CVE-2016-2226 CVE-2016-6131
+
+ -- Anton Gladky <gl...@debian.org>  Mon, 17 Oct 2016 21:05:57 +0200
+
+libiberty (20161017-1) unstable; urgency=medium
+
+  * Update to 20161017 (CVE-2016-6131). Closes: #840889.
+  * Don't apply "fixes" which are not yet accepted upstream.
+
+ -- Matthias Klose <d...@debian.org>  Mon, 17 Oct 2016 11:37:08 +0200
+
+libiberty (20161011-1) unstable; urgency=medium
+
+  * Update to 20161011 (security issues fixed: CVE-2016-6131, CVE-2016-4493,
+    CVE-2016-4492, CVE-2016-4491, CVE-2016-4490, CVE-2016-4489, CVE-2016-4488,
+    CVE-2016-4487, CVE-2016-2226. Closes: #840360.
+
+ -- Matthias Klose <d...@debian.org>  Tue, 11 Oct 2016 09:14:23 +0200
+
+libiberty (20160807-1) unstable; urgency=medium
+
+  * Update to 20160807.
+
+ -- Matthias Klose <d...@debian.org>  Sun, 07 Aug 2016 14:03:33 +0200
+
+libiberty (20160215-1) unstable; urgency=medium
+
+  * Update to 20160215.
+
+ -- Matthias Klose <d...@debian.org>  Mon, 15 Feb 2016 20:15:28 +0100
+
 libiberty (20141014-1) unstable; urgency=medium
 
   * Update to 20141014.
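
Review bot: the new jessie-proposed-updates entry lists eight CVEs but leaves out CVE-2016-4491, which the 20161011-1 entry further down names as fixed. The 20161017-1 entry then says fixes not yet accepted upstream are no longer applied, so please state in the top entry whether CVE-2016-4491 is still open in this upload or was dropped from the list by mistake. The top entry also has no "Closes:" for a Jessie-specific bug, and since the diff is filtered to debian/ only, the CVE fixes themselves cannot be checked from what is shown here.
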
diff -Nru libiberty-20141014/debian/compat libiberty-20161017/debian/compat
--- libiberty-20141014/debian/compat	2013-11-16 20:38:52.000000000 +0100
+++ libiberty-20161017/debian/compat	2016-02-15 20:15:24.000000000 +0100
@@ -1 +1 @@
-7
+9
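
Review bot: raising debian/compat from 7 to 9 is a packaging change that the jessie-proposed-updates changelog entry does not mention and that is not needed for the listed CVE fixes. Compat 9 changes debhelper's build defaults, so the resulting binaries can differ for reasons other than the security update. For a stable upload, either keep "7" here or document and justify the bump in the changelog.
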
diff -Nru libiberty-20141014/debian/control libiberty-20161017/debian/control
--- libiberty-20141014/debian/control	2014-10-14 14:23:49.000000000 +0200
+++ libiberty-20161017/debian/control	2016-08-07 14:04:01.000000000 +0200
@@ -3,8 +3,8 @@
 Priority: optional
 Maintainer: Debian GCC Maintainers <debian-...@lists.debian.org>
 Uploaders: Matthias Klose <d...@debian.org>
-Build-Depends: debhelper (>= 8.0.0), autotools-dev
-Standards-Version: 3.9.6
+Build-Depends: debhelper (>= 9), autotools-dev
+Standards-Version: 3.9.8
 Homepage: http://gcc.gnu.org/
 
 Package: libiberty-dev
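
Review bot: the Standards-Version change from 3.9.6 to 3.9.8 is cosmetic and widens a diff that is meant to carry security fixes only; suggest leaving it at 3.9.6 for Jessie. The Build-Depends change to "debhelper (>= 9)" should follow whatever is decided for debian/compat, so the two stay consistent.
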
diff -Nru libiberty-20141014/debian/patches/use-ldflags.diff libiberty-20161017/debian/patches/use-ldflags.diff
--- libiberty-20141014/debian/patches/use-ldflags.diff	2014-10-14 14:28:49.000000000 +0200
+++ libiberty-20161017/debian/patches/use-ldflags.diff	2016-10-11 09:17:52.000000000 +0200
@@ -2,7 +2,7 @@
 ===================================================================
 --- a/libiberty/Makefile.in
 +++ b/libiberty/Makefile.in
-@@ -415,7 +415,7 @@ TAGS: $(CFILES)
+@@ -416,7 +416,7 @@ etags tags TAGS: etags-subdir
  demangle: $(ALL) $(srcdir)/cp-demangle.c
  	@echo "The standalone demangler, now named c++filt, is now"
  	@echo "a part of binutils."
