libiberty (20170913-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: stack Exhaustion in C++ demangling
    - debian/patches/CVE-2018-9138.patch: limit recusion and add
      --no-recruse-limit option to tools that support name demangling.
    - debian/patches/CVE-2018-9138-2.patch: fix a failure in the libiberty
      testsuite by increasing the recursion limit to 2048.
    - CVE-2018-9138
    - CVE-2018-12641
    - CVE-2018-12697
    - CVE-2018-12698
    - CVE-2018-17794
    - CVE-2018-17985
    - CVE-2018-18484
    - CVE-2018-18700
    - CVE-2018-18701
  * SECURITY UPDATE: excessive memory consumption
    - debian/patches/CVE-2018-12934.patch: remove support for demangling
      GCC 2.x era mangling schemes.
    - CVE-2018-12934
    - CVE-2018-18483
  * SECURITY UPDATE: stack consumption and heap-based buffer over-read
    - debian/patches/CVE-2019-907x.patch: reject negative lengths and add
      recursion counter.
    - CVE-2019-9070
    - CVE-2019-9071
  * SECURITY UPDATE: integer overflow and heap-based buffer overflow
    - debian/patches/CVE-2019-14250.patch: check zero value shstrndx.
    - CVE-2019-14250

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 01 Apr 2020 09:55:08 -0400

libiberty (20170913-1) unstable; urgency=medium

  * Update to 20170913.

 -- Matthias Klose <doko@debian.org>  Wed, 13 Sep 2017 12:42:06 +0200

libiberty (20170627-1) unstable; urgency=medium

  * Update to 20170627.
    - Addresses CVE-2016-4491.

 -- Matthias Klose <doko@debian.org>  Tue, 27 Jun 2017 15:52:55 +0200

libiberty (20161220-1) unstable; urgency=medium

  * Update to 20161220.

 -- Matthias Klose <doko@debian.org>  Tue, 20 Dec 2016 12:25:09 +0100

libiberty (20161017-1) unstable; urgency=medium

  * Update to 20161017 (CVE-2016-6131). Closes: #840889.
  * Don't apply "fixes" which are not yet accepted upstream.

 -- Matthias Klose <doko@debian.org>  Mon, 17 Oct 2016 11:37:08 +0200

libiberty (20161011-1) unstable; urgency=medium

  * Update to 20161011 (security issues fixed: CVE-2016-6131, CVE-2016-4493,
    CVE-2016-4492, CVE-2016-4491, CVE-2016-4490, CVE-2016-4489, CVE-2016-4488,
    CVE-2016-4487, CVE-2016-2226. Closes: #840360.

 -- Matthias Klose <doko@debian.org>  Tue, 11 Oct 2016 09:14:23 +0200

libiberty (20160807-1) unstable; urgency=medium

  * Update to 20160807.

 -- Matthias Klose <doko@debian.org>  Sun, 07 Aug 2016 14:03:33 +0200

libiberty (20160215-1) unstable; urgency=medium

  * Update to 20160215.

 -- Matthias Klose <doko@debian.org>  Mon, 15 Feb 2016 20:15:28 +0100

libiberty (20141014-1) unstable; urgency=medium

  * Update to 20141014.

 -- Matthias Klose <doko@debian.org>  Tue, 14 Oct 2014 14:23:53 +0200

libiberty (20140612-1) unstable; urgency=medium

  * Update to 20140612.
    - Fixes infinite recursion in the demangler. PR gdb/14963, LP: #1315590.
  * Use dh_autotools-dev to update config.{sub,guess}. Closes: #743673.

 -- Matthias Klose <doko@debian.org>  Thu, 12 Jun 2014 16:25:23 +0200

libiberty (20131116-1) unstable; urgency=low

  * Initial release.

 -- Matthias Klose <doko@debian.org>  Sat, 16 Nov 2013 19:30:20 +0000