(https://nvd.nist.gov/vuln/detail/CVE-2019-12495):
An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.

Upstream Patch: https://repo.or.cz/tinycc.git/commit/d04ce7772c2bc2781ab2502e0b1f1964488814b5

Gentoo Security Padawan (domhnall)
CVE-2019-9754 (https://nvd.nist.gov/vuln/detail/CVE-2019-9754): An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.
ping

(In reply to GLSAMaker/CVETool Bot from comment #1)
> CVE-2019-9754 (https://nvd.nist.gov/vuln/detail/CVE-2019-9754):
> An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27.
> Compiling a crafted source file leads to an 1 byte out of bounds write in
> the end_macro function in tccpp.c.

"Fixed in mob" (https://lists.nongnu.org/archive/html/tinycc-devel/2019-03/msg00042.html). So any snapshot of git would work.
Ping
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=717eba5b5cfb78b1438c348882b34c88b3dc173a

commit 717eba5b5cfb78b1438c348882b34c88b3dc173a
Author: Sam James <sam@gentoo.org>
AuthorDate: 2021-10-25 12:34:24 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2021-10-25 12:35:11 +0000

    dev-lang/tcc: add 0.9.27_p20211022 (glibc-2.34, security fixes)

    Upstream development seems to just be rolling now too.

    Closes: https://bugs.gentoo.org/806511
    Bug: https://bugs.gentoo.org/737092
    Bug: https://bugs.gentoo.org/715428
    Bug: https://bugs.gentoo.org/765652
    Bug: https://bugs.gentoo.org/687114
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-lang/tcc/Manifest | 1 +
 dev-lang/tcc/tcc-0.9.27_p20211022.ebuild | 80 ++++++++++++++++++++++++++++++++
 dev-lang/tcc/tcc-9999.ebuild | 43 ++++++++++-------
 3 files changed, 106 insertions(+), 18 deletions(-)
Tree is clean