diff --git a/backport-CVE-2025-1352.patch b/backport-CVE-2025-1352.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cbe691f1f211f8c85037a23680661c85082b2eff
--- /dev/null
+++ b/backport-CVE-2025-1352.patch
@@ -0,0 +1,149 @@
+From 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sat, 8 Feb 2025 20:00:12 +0100
+Subject: [PATCH] libdw: Simplify __libdw_getabbrev and fix dwarf_offabbrev
+ issue
+
+__libdw_getabbrev could crash on reading a bad abbrev by trying to
+deallocate memory it didn't allocate itself. This could happen because
+dwarf_offabbrev would supply its own memory when calling
+__libdw_getabbrev. No other caller did this.
+
+Simplify the __libdw_getabbrev common code by not taking external
+memory to put the abbrev result in (this would also not work correctly
+if the abbrev was already cached). And make dwarf_offabbrev explicitly
+copy the result (if there was no error or end of abbrev).
+
+ * libdw/dwarf_getabbrev.c (__libdw_getabbrev): Don't take
+ Dwarf_Abbrev result argument. Always just allocate abb when
+ abbrev not found in cache.
+ (dwarf_getabbrev): Don't pass NULL as last argument to
+ __libdw_getabbrev.
+ * libdw/dwarf_tag.c (__libdw_findabbrev): Likewise.
+ * libdw/dwarf_offabbrev.c (dwarf_offabbrev): Likewise. And copy
+ abbrev into abbrevp on success.
+ * libdw/libdw.h (dwarf_offabbrev): Document return values.
+ * libdw/libdwP.h (__libdw_getabbrev): Don't take Dwarf_Abbrev
+ result argument.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32650
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ libdw/dwarf_getabbrev.c | 12 ++++--------
+ libdw/dwarf_offabbrev.c | 10 +++++++---
+ libdw/dwarf_tag.c | 3 +--
+ libdw/libdw.h | 4 +++-
+ libdw/libdwP.h | 3 +--
+ 5 files changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/libdw/dwarf_getabbrev.c b/libdw/dwarf_getabbrev.c
+index 5b02333f..d9a6c022 100644
+--- a/libdw/dwarf_getabbrev.c
++++ b/libdw/dwarf_getabbrev.c
+@@ -1,5 +1,6 @@
+ /* Get abbreviation at given offset.
+ Copyright (C) 2003, 2004, 2005, 2006, 2014, 2017 Red Hat, Inc.
++ Copyright (C) 2025 Mark J. Wielaard <mark@klomp.org>
+ This file is part of elfutils.
+ Written by Ulrich Drepper <drepper@redhat.com>, 2003.
+
+@@ -38,7 +39,7 @@
+ Dwarf_Abbrev *
+ internal_function
+ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset,
+- size_t *lengthp, Dwarf_Abbrev *result)
++ size_t *lengthp)
+ {
+ /* Don't fail if there is not .debug_abbrev section. */
+ if (dbg->sectiondata[IDX_debug_abbrev] == NULL)
+@@ -85,12 +86,7 @@ __libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu, Dwarf_Off offset,
+ Dwarf_Abbrev *abb = NULL;
+ if (cu == NULL
+ || (abb = Dwarf_Abbrev_Hash_find (&cu->abbrev_hash, code)) == NULL)
+- {
+- if (result == NULL)
+- abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
+- else
+- abb = result;
+- }
++ abb = libdw_typed_alloc (dbg, Dwarf_Abbrev);
+ else
+ {
+ foundit = true;
+@@ -183,5 +179,5 @@ dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset, size_t *lengthp)
+ return NULL;
+ }
+
+- return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp, NULL);
++ return __libdw_getabbrev (dbg, cu, abbrev_offset + offset, lengthp);
+ }
+diff --git a/libdw/dwarf_offabbrev.c b/libdw/dwarf_offabbrev.c
+index 27cdad64..41df69bf 100644
+--- a/libdw/dwarf_offabbrev.c
++++ b/libdw/dwarf_offabbrev.c
+@@ -41,11 +41,15 @@ dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp,
+ if (dbg == NULL)
+ return -1;
+
+- Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp,
+- abbrevp);
++ Dwarf_Abbrev *abbrev = __libdw_getabbrev (dbg, NULL, offset, lengthp);
+
+ if (abbrev == NULL)
+ return -1;
+
+- return abbrev == DWARF_END_ABBREV ? 1 : 0;
++ if (abbrev == DWARF_END_ABBREV)
++ return 1;
++
++ *abbrevp = *abbrev;
++
++ return 0;
+ }
+diff --git a/libdw/dwarf_tag.c b/libdw/dwarf_tag.c
+index d784970c..218382a1 100644
+--- a/libdw/dwarf_tag.c
++++ b/libdw/dwarf_tag.c
+@@ -53,8 +53,7 @@ __libdw_findabbrev (struct Dwarf_CU *cu, unsigned int code)
+
+ /* Find the next entry. It gets automatically added to the
+ hash table. */
+- abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length,
+- NULL);
++ abb = __libdw_getabbrev (cu->dbg, cu, cu->last_abbrev_offset, &length);
+ if (abb == NULL || abb == DWARF_END_ABBREV)
+ {
+ /* Make sure we do not try to search for it again. */
+diff --git a/libdw/libdw.h b/libdw/libdw.h
+index d53dc787..ec4713a6 100644
+--- a/libdw/libdw.h
++++ b/libdw/libdw.h
+@@ -587,7 +587,9 @@ extern int dwarf_srclang (Dwarf_Die *die);
+ extern Dwarf_Abbrev *dwarf_getabbrev (Dwarf_Die *die, Dwarf_Off offset,
+ size_t *lengthp);
+
+-/* Get abbreviation at given offset in .debug_abbrev section. */
++/* Get abbreviation at given offset in .debug_abbrev section. On
++ success return zero and fills in ABBREVP. When there is no (more)
++ abbrev at offset returns one. On error returns a negative value. */
+ extern int dwarf_offabbrev (Dwarf *dbg, Dwarf_Off offset, size_t *lengthp,
+ Dwarf_Abbrev *abbrevp)
+ __nonnull_attribute__ (4);
+diff --git a/libdw/libdwP.h b/libdw/libdwP.h
+index d6bab606..0cff5c26 100644
+--- a/libdw/libdwP.h
++++ b/libdw/libdwP.h
+@@ -795,8 +795,7 @@ extern Dwarf_Abbrev *__libdw_findabbrev (struct Dwarf_CU *cu,
+
+ /* Get abbreviation at given offset. */
+ extern Dwarf_Abbrev *__libdw_getabbrev (Dwarf *dbg, struct Dwarf_CU *cu,
+- Dwarf_Off offset, size_t *lengthp,
+- Dwarf_Abbrev *result)
++ Dwarf_Off offset, size_t *lengthp)
+ __nonnull_attribute__ (1) internal_function;
+
+ /* Get abbreviation of given DIE, and optionally set *READP to the DIE memory
+--
+2.27.0
+
diff --git a/backport-CVE-2025-1365.patch b/backport-CVE-2025-1365.patch
new file mode 100644
index 0000000000000000000000000000000000000000..eb5f6bfeb614e1524b4a6e10986da74b1ce565ec
--- /dev/null
+++ b/backport-CVE-2025-1365.patch
@@ -0,0 +1,147 @@
+From 5e5c0394d82c53e97750fe7b18023e6f84157b81 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sat, 8 Feb 2025 21:44:56 +0100
+Subject: [PATCH] libelf, readelf: Use validate_str also to check dynamic
+ symstr data
+
+When dynsym/str was read through eu-readelf --dynamic by readelf
+process_symtab the string data was not validated, possibly printing
+unallocated memory past the end of the symstr data. Fix this by
+turning the elf_strptr validate_str function into a generic
+lib/system.h helper function and use it in readelf to validate the
+strings before use.
+
+ * libelf/elf_strptr.c (validate_str): Remove to...
+ * lib/system.h (validate_str): ... here. Make inline, simplify
+ check and document.
+ * src/readelf.c (process_symtab): Use validate_str on symstr_data.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32654
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ lib/system.h | 27 +++++++++++++++++++++++++++
+ libelf/elf_strptr.c | 18 ------------------
+ src/readelf.c | 18 +++++++++++++++---
+ 3 files changed, 42 insertions(+), 21 deletions(-)
+
+diff --git a/lib/system.h b/lib/system.h
+index 0db12d99..0698e5ff 100644
+--- a/lib/system.h
++++ b/lib/system.h
+@@ -34,6 +34,7 @@
+ #include <config.h>
+
+ #include <errno.h>
++#include <stdbool.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -117,6 +118,32 @@ startswith (const char *str, const char *prefix)
+ return strncmp (str, prefix, strlen (prefix)) == 0;
+ }
+
++/* Return TRUE if STR[FROM] is a valid string with a zero terminator
++ at or before STR[TO - 1]. Note FROM is an index into the STR
++ array, while TO is the maximum size of the STR array. This
++ function returns FALSE when TO is zero or FROM >= TO. */
++static inline bool
++validate_str (const char *str, size_t from, size_t to)
++{
++#if HAVE_DECL_MEMRCHR
++ // Check end first, which is likely a zero terminator,
++ // to prevent function call
++ return (to > 0
++ && (str[to - 1] == '\0'
++ || (to > from
++ && memrchr (&str[from], '\0', to - from - 1) != NULL)));
++#else
++ do {
++ if (to <= from)
++ return false;
++
++ to--;
++ } while (str[to]);
++
++ return true;
++#endif
++}
++
+ /* A special gettext function we use if the strings are too short. */
+ #define sgettext(Str) \
+ ({ const char *__res = strrchr (_(Str), '|'); \
+diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c
+index 79a24d25..c5a94f82 100644
+--- a/libelf/elf_strptr.c
++++ b/libelf/elf_strptr.c
+@@ -53,24 +53,6 @@ get_zdata (Elf_Scn *strscn)
+ return zdata;
+ }
+
+-static bool validate_str (const char *str, size_t from, size_t to)
+-{
+-#if HAVE_DECL_MEMRCHR
+- // Check end first, which is likely a zero terminator, to prevent function call
+- return ((to > 0 && str[to - 1] == '\0')
+- || (to - from > 0 && memrchr (&str[from], '\0', to - from - 1) != NULL));
+-#else
+- do {
+- if (to <= from)
+- return false;
+-
+- to--;
+- } while (str[to]);
+-
+- return true;
+-#endif
+-}
+-
+ char *
+ elf_strptr (Elf *elf, size_t idx, size_t offset)
+ {
+diff --git a/src/readelf.c b/src/readelf.c
+index 6526db07..c43fda35 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -2639,6 +2639,7 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx,
+ char typebuf[64];
+ char bindbuf[64];
+ char scnbuf[64];
++ const char *sym_name;
+ Elf32_Word xndx;
+ GElf_Sym sym_mem;
+ GElf_Sym *sym
+@@ -2650,6 +2651,19 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx,
+ /* Determine the real section index. */
+ if (likely (sym->st_shndx != SHN_XINDEX))
+ xndx = sym->st_shndx;
++ if (use_dynamic_segment == true)
++ {
++ if (validate_str (symstr_data->d_buf, sym->st_name,
++ symstr_data->d_size))
++ sym_name = (char *)symstr_data->d_buf + sym->st_name;
++ else
++ sym_name = NULL;
++ }
++ else
++ sym_name = elf_strptr (ebl->elf, idx, sym->st_name);
++
++ if (sym_name == NULL)
++ sym_name = "???";
+
+ printf (_ ("\
+ %5u: %0*" PRIx64 " %6" PRId64 " %-7s %-6s %-9s %6s %s"),
+@@ -2662,9 +2676,7 @@ process_symtab (Ebl *ebl, unsigned int nsyms, Elf64_Word idx,
+ get_visibility_type (GELF_ST_VISIBILITY (sym->st_other)),
+ ebl_section_name (ebl, sym->st_shndx, xndx, scnbuf,
+ sizeof (scnbuf), NULL, shnum),
+- use_dynamic_segment == true
+- ? (char *)symstr_data->d_buf + sym->st_name
+- : elf_strptr (ebl->elf, idx, sym->st_name));
++ sym_name);
+
+ if (versym_data != NULL)
+ {
+--
+2.27.0
+
diff --git a/backport-CVE-2025-1371.patch b/backport-CVE-2025-1371.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4e6557a737e2e4cdd4e73b0e70461e2259c49491
--- /dev/null
+++ b/backport-CVE-2025-1371.patch
@@ -0,0 +1,37 @@
+From b38e562a4c907e08171c76b8b2def8464d5a104a Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 9 Feb 2025 00:07:13 +0100
+Subject: [PATCH] readelf: Handle NULL phdr in handle_dynamic_symtab
+
+A corrupt ELF file can have broken program headers, in which case
+gelf_getphdr returns NULL. This could crash handle_dynamic_symtab
+while searching for the PT_DYNAMIC phdr. Fix this by checking whether
+gelf_phdr returns NULL.
+
+ * src/readelf.c (handle_dynamic_symtab): Check whether
+ gelf_getphdr returns NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32655
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ src/readelf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index c43fda35..21b92a08 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -2912,7 +2912,7 @@ handle_dynamic_symtab (Ebl *ebl)
+ for (size_t i = 0; i < phnum; ++i)
+ {
+ phdr = gelf_getphdr (ebl->elf, i, &phdr_mem);
+- if (phdr->p_type == PT_DYNAMIC)
++ if (phdr == NULL || phdr->p_type == PT_DYNAMIC)
+ break;
+ }
+ if (phdr == NULL)
+--
+2.33.0
+
+
diff --git a/backport-CVE-2025-1372.patch b/backport-CVE-2025-1372.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a203402eddf7e592cf09d509fa7a9e1c36269bb9
--- /dev/null
+++ b/backport-CVE-2025-1372.patch
@@ -0,0 +1,47 @@
+From 73db9d2021cab9e23fd734b0a76a612d52a6f1db Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Sun, 9 Feb 2025 00:07:39 +0100
+Subject: [PATCH] readelf: Skip trying to uncompress sections without a name
+
+When combining eu-readelf -z with -x or -p to dump the data or strings
+in an (corrupted ELF) unnamed numbered section eu-readelf could crash
+trying to check whether the section name starts with .zdebug. Fix this
+by skipping sections without a name.
+
+ * src/readelf.c (dump_data_section): Don't try to gnu decompress a
+ section without a name.
+ (print_string_section): Likewise.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32656
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ src/readelf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/readelf.c b/src/readelf.c
+index 21b92a08..da379216 100644
+--- a/src/readelf.c
++++ b/src/readelf.c
+@@ -13327,7 +13327,7 @@ dump_data_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+ _("Couldn't uncompress section"),
+ elf_ndxscn (scn));
+ }
+- else if (startswith (name, ".zdebug"))
++ else if (name && startswith (name, ".zdebug"))
+ {
+ if (elf_compress_gnu (scn, 0, 0) < 0)
+ printf ("WARNING: %s [%zd]\n",
+@@ -13378,7 +13378,7 @@ print_string_section (Elf_Scn *scn, const GElf_Shdr *shdr, const char *name)
+ _("Couldn't uncompress section"),
+ elf_ndxscn (scn));
+ }
+- else if (startswith (name, ".zdebug"))
++ else if (name && startswith (name, ".zdebug"))
+ {
+ if (elf_compress_gnu (scn, 0, 0) < 0)
+ printf ("WARNING: %s [%zd]\n",
+--
+2.33.0
+
+
diff --git a/backport-CVE-2025-1376.patch b/backport-CVE-2025-1376.patch
new file mode 100644
index 0000000000000000000000000000000000000000..3b191c58eca36b9c968030d20daa2881772b6741
--- /dev/null
+++ b/backport-CVE-2025-1376.patch
@@ -0,0 +1,53 @@
+From b16f441cca0a4841050e3215a9f120a6d8aea918 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 13 Feb 2025 00:02:32 +0100
+Subject: [PATCH] libelf: Handle elf_strptr on section without any data
+
+In the unlikely situation that elf_strptr was called on a section with
+sh_size already set, but that doesn't have any data yet we could crash
+trying to verify the string to return.
+
+This could happen for example when a new section was created with
+elf_newscn, but no data having been added yet.
+
+ * libelf/elf_strptr.c (elf_strptr): Check strscn->rawdata_base
+ is not NULL.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32672
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ libelf/elf_strptr.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/libelf/elf_strptr.c b/libelf/elf_strptr.c
+index c5a94f82..7be7f5e8 100644
+--- a/libelf/elf_strptr.c
++++ b/libelf/elf_strptr.c
+@@ -1,5 +1,6 @@
+ /* Return string pointer from string section.
+ Copyright (C) 1998-2002, 2004, 2008, 2009, 2015 Red Hat, Inc.
++ Copyright (C) 2025 Mark J. Wielaard <mark@klomp.org>
+ This file is part of elfutils.
+ Contributed by Ulrich Drepper <drepper@redhat.com>, 1998.
+
+@@ -183,9 +184,12 @@ elf_strptr (Elf *elf, size_t idx, size_t offset)
+ // initialized yet (when data_read is zero). So we cannot just
+ // look at the rawdata.d.d_size.
+
+- /* Make sure the string is NUL terminated. Start from the end,
+- which very likely is a NUL char. */
+- if (likely (validate_str (strscn->rawdata_base, offset, sh_size)))
++ /* First check there actually is any data. This could be a new
++ section which hasn't had any data set yet. Then make sure
++ the string is at a valid offset and NUL terminated. */
++ if (unlikely (strscn->rawdata_base == NULL))
++ __libelf_seterrno (ELF_E_INVALID_SECTION);
++ else if (likely (validate_str (strscn->rawdata_base, offset, sh_size)))
+ result = &strscn->rawdata_base[offset];
+ else
+ __libelf_seterrno (ELF_E_INVALID_INDEX);
+--
+2.33.0
+
+
diff --git a/backport-CVE-2025-1377.patch b/backport-CVE-2025-1377.patch
new file mode 100644
index 0000000000000000000000000000000000000000..55137225caf66fd2843deb3b7e7f5aeb6a3d8572
--- /dev/null
+++ b/backport-CVE-2025-1377.patch
@@ -0,0 +1,63 @@
+From fbf1df9ca286de3323ae541973b08449f8d03aba Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Thu, 13 Feb 2025 14:59:34 +0100
+Subject: [PATCH] strip: Verify symbol table is a real symbol table
+
+We didn't check the symbol table referenced from the relocation table
+was a real symbol table. This could cause a crash if that section
+happened to be an SHT_NOBITS section without any data. Fix this by
+adding an explicit check.
+
+ * src/strip.c (INTERNAL_ERROR_MSG): New macro that takes a
+ message string to display.
+ (INTERNAL_ERROR): Use INTERNAL_ERROR_MSG with elf_errmsg (-1).
+ (remove_debug_relocations): Check the sh_link referenced
+ section is real and isn't a SHT_NOBITS section.
+
+https://sourceware.org/bugzilla/show_bug.cgi?id=32673
+
+Signed-off-by: Mark Wielaard <mark@klomp.org>
+---
+ src/strip.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/src/strip.c b/src/strip.c
+index 3812fb17..8d2bb7a9 100644
+--- a/src/strip.c
++++ b/src/strip.c
+@@ -126,13 +126,14 @@ static char *tmp_debug_fname = NULL;
+ /* Close debug file descriptor, if opened. And remove temporary debug file. */
+ static void cleanup_debug (void);
+
+-#define INTERNAL_ERROR(fname) \
++#define INTERNAL_ERROR_MSG(fname, msg) \
+ do { \
+ cleanup_debug (); \
+ error_exit (0, _("%s: INTERNAL ERROR %d (%s): %s"), \
+- fname, __LINE__, PACKAGE_VERSION, elf_errmsg (-1)); \
++ fname, __LINE__, PACKAGE_VERSION, msg); \
+ } while (0)
+
++#define INTERNAL_ERROR(fname) INTERNAL_ERROR_MSG(fname, elf_errmsg (-1))
+
+ /* Name of the output file. */
+ static const char *output_fname;
+@@ -631,7 +632,14 @@ remove_debug_relocations (Ebl *ebl, Elf *elf, GElf_Ehdr *ehdr,
+ resolve relocation symbol indexes. */
+ Elf64_Word symt = shdr->sh_link;
+ Elf_Data *symdata, *xndxdata;
+- Elf_Scn * symscn = elf_getscn (elf, symt);
++ Elf_Scn *symscn = elf_getscn (elf, symt);
++ GElf_Shdr symshdr_mem;
++ GElf_Shdr *symshdr = gelf_getshdr (symscn, &symshdr_mem);
++ if (symshdr == NULL)
++ INTERNAL_ERROR (fname);
++ if (symshdr->sh_type == SHT_NOBITS)
++ INTERNAL_ERROR_MSG (fname, "NOBITS section");
++
+ symdata = elf_getdata (symscn, NULL);
+ xndxdata = get_xndxdata (elf, symscn);
+ if (symdata == NULL)
+--
+2.27.0
+
diff --git a/elfutils.spec b/elfutils.spec
index dc65e62116afef066c11a198575ee1d397cb1e35..f717c3bca378f33347048d6562eae2ac893cebac 100644
--- a/elfutils.spec
+++ b/elfutils.spec
@@ -1,6 +1,6 @@
Name: elfutils
Version: 0.192
-Release: 3
+Release: 4
Summary: A collection of utilities and DSOs to handle ELF files and DWARF data
URL: https://elfutils.org/
License: GPL-3.0-or-later AND (GPL-2.0-or-later OR LGPL-3.0-or-later)
@@ -8,6 +8,12 @@ Source: https://sourceware.org/elfutils/ftp/%{version}/elfutils-%{version}.tar.b
Patch0: Fix-segfault-in-eu-ar-m.patch
Patch1: Fix-issue-of-moving-files-by-ar-or-br.patch
+Patch6000: backport-CVE-2025-1352.patch
+Patch6001: backport-CVE-2025-1365.patch
+Patch6002: backport-CVE-2025-1371.patch
+Patch6003: backport-CVE-2025-1372.patch
+Patch6004: backport-CVE-2025-1376.patch
+Patch6005: backport-CVE-2025-1377.patch
Requires: elfutils-libelf = %{version}-%{release}
Requires: elfutils-libs = %{version}-%{release}
@@ -301,6 +307,9 @@ exit 0
%systemd_postun_with_restart debuginfod.service
%changelog
+* Sun Feb 16 2025 shixuantong <shixuantong1@huawei.com> - 0.192-4
+- fix CVE-2025-1352 CVE-2025-1365 CVE-2025-1371 CVE-2025-1372 CVE-2025-1376 CVE-2025-1377
+
* Wed Feb 05 2025 Funda Wang <fundawang@yeah.net> - 0.192-3
- correctly fix libdebuginfod.so requirement