Summary: | <sys-devel/binutils-2.28.1: stack overflow in score_opcodes function (CVE-2017-9742) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Aleksandr Wagner (Kivak) <alwag> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | =sys-devel/binutils-2.28.1 | ||
Runtime testing required: | Yes |
Description
Aleksandr Wagner (Kivak)
2017-07-11 05:47:11 UTC
Sorry everyone I have made a mistake. This vulnerability does not exist in the sys-libs/binutils-libs, it is actually located in the sys-devel/binutils package. Security please assign rating.

commit cf5003fe2fc3b45f366d0a3c6fdf834ed9d54321
Author: Matthias Maier <tamiko@gentoo.org>
Date: Tue Aug 1 19:05:14 2017 -0500

    sys-devel/binutils: version bump to 2.28.1, patchset 1.0

    Includes fixes for bugs #622036 #622500 #622886 #624524 #624702

    Package-Manager: Portage-2.3.6, Repoman-2.3.3

@arches, please stabilize.

Should also include binutils-libs?

ia64 stable

arm stable

The same bug is again the issue: https://bugs.gentoo.org/show_bug.cgi?id=612436 Is there anything that can be done to prevent it?

amd64 stable

alpha stable

ppc stable

ppc64 stable

I run into test failures while trying to stabilize on x86, see bug 629326. Please tell me how to proceed.

sparc stable (thanks to Dakon)

x86 stable

stable for hppa (thanks to Rolf Eike Beer)

Last arch is done here!

@Maintainer(s): Please clean the vulnerable versions from the tree.

All vulnerable versions are masked. No cleanup (toolchain package).

This issue was resolved and addressed in GLSA 201709-02 at https://security.gentoo.org/glsa/201709-02 by GLSA coordinator Aaron Bauman (b-man).