Summary: | <sys-devel/gcc-{9.4.0,10.3.0,11.1.0}: Straight Line Speculation mitigation for ARMv8 (CVE-2020-13844) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | herrtimson |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gcc.gnu.org/pipermail/gcc-patches/2020-June/547520.html | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=646758 | ||
Whiteboard: | A4 [glsa? cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 727606 |
Description
Sam James
2020-06-09 01:26:06 UTC
To be clear, I do not expect toolchain@ to add these patches themselves before they are accepted upstream -- this is just to keep track. The fixes are being backported to 9.x and 10.x: https://gcc.gnu.org/pipermail/gcc-patches/2020-July/550369.html. Looks like the patches made it into 9.4.0 (20da13e395bde597d8337167c712039c8f923c3b), 10.3.0 (50703e93a82df4af69c692d01b980b3b2c0eb53e), and 11.1.0 (a9ba2a9b77bec7eacaf066801f22d1c366a2bc86). Doesn't look like it was backported to 8.x, so I guess we're at [cleanup]? 8.x and 9.x are now masked. All affected versions are gone. |