Summary: | <sys-devel/gcc-6.4.0 denial of service (infinite loop, stack overflow, and crash) in the libiberty demangler
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Andrey Ovcharov <sudormrfhalt>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | Normal
CC: | jstein, tb, toolchain
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6131
Whiteboard: | A3 [glsa cve]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 638030
Bug Blocks: |

Attachments:

Created attachment 475108 [details, diff]
gcc-6.3-CVE-2016-6131.patch

Thank you!

Somehow this ended up in the wrong place.

Thanks, how is this going? Is there any vulnerable version in tree?

I suppose that summary should have a "<" at the beginning which says that we need to clean up or mask vulnerable versions.

@Maintainers could you please confirm?

Gentoo Security Padawan
ChrisADR

(In reply to Christopher Díaz from comment #4)
> Thanks, how is this going? Is there any vulnerable version in tree?
>
> I suppose that summary should have a "<" at the beginning which says that we
> need to clean up or mask vulnerable versions.

Nope, these are the vulnerable versions. We are going to stabilize 6.4.0 soon, until then we just have to wait here. 5.4.0* will be masked sometime afterwards (for different reasons), 6.3 removed. No further cleanup.

please extend mask

mask is good.

Created attachment 475106 [details, diff]
gcc-5.4-CVE-2016-6131.patch

sys-devel/gcc-{5.4.0,5.4.0-r3,6.3.0} affected CVE-2016-6131