| Summary: | <sys-devel/gdb-9.1: out of bounds memory access in bfd library (elfcode.h) (CVE-2019-1010180) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | toolchain |
| Priority: | Normal | Flags: | stable-bot: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://sourceware.org/bugzilla/show_bug.cgi?id=23657 | | |
| Whiteboard: | A3 [glsa+ cve] | | |
| Package list: | sys-devel/gdb-9.1, dev-libs/xxhash-0.6.5 | | |
| Runtime testing required: | --- | | |
Description
D'juan McDonald (domhnall)
2019-07-24 14:40:59 UTC
This is in gdb 9.1, as per the upstream bug. Doesn't seem that fix is in anything other than 9.1.

This has been added to a production version. https://sourceware.org/bugzilla/show_bug.cgi?id=23657#c11

Maintainers, please create an appropriate ebuild, and call for stabilization when ready.

We can stabilize existing sys-devel/gdb-9.1.

An automated check of this bug failed - repoman reported dependency errors (123 lines truncated):
> dependency.bad sys-devel/gdb/gdb-9.1.ebuild: DEPEND: arm(default/linux/arm/17.0) ['dev-libs/xxhash']
> dependency.bad sys-devel/gdb/gdb-9.1.ebuild: RDEPEND: arm(default/linux/arm/17.0) ['dev-libs/xxhash']
> dependency.bad sys-devel/gdb/gdb-9.1.ebuild: DEPEND: arm64(default/linux/arm64/17.0) ['dev-libs/xxhash']

amd64 stable

x86 stable

s390 stable

sparc stable

ppc64 stable

ppc stable

arm stable

ia64 stable

New GLSA request filed.

This issue was resolved and addressed in GLSA 202003-31 at https://security.gentoo.org/glsa/202003-31 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architectures.

hppa stable

arm64 stable with # of unexpected failures 598

SuperH port disbanded.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d246a8e7d1e202cc441001a27b358d79cd97366

commit 3d246a8e7d1e202cc441001a27b358d79cd97366
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2020-03-29 10:10:58 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2020-03-29 10:10:58 +0000

    sys-devel/gdb: drop 8.3.1, bug #690582

    Bug: https://bugs.gentoo.org/690582
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>

 sys-devel/gdb/Manifest                     |   1 -
 sys-devel/gdb/files/gdb-8.3.1-gcc-10.patch | 222 ------------------------
 sys-devel/gdb/gdb-8.3.1-r1.ebuild          | 262 -----------------------------
 sys-devel/gdb/gdb-8.3.1.ebuild             | 260 ----------------------------
 4 files changed, 745 deletions(-)

Let's keep ~m68k.

Tree is clean, glsa done, closing.