Summary: | <sys-devel/binutils-2.35.2: heap buffer overflow (CVE-2020-35448) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 779805 | ||
Bug Blocks: | 678806 |
Description
John Helmert III
![]() ![]() ![]() ![]() Cherry-picked for 2.35.1 patchset 3 (In reply to Andreas K. Hüttel from comment #1) > Cherry-picked for 2.35.1 patchset 3 Also cherry-picked for 2.35.2 patchset 1, fixed in sys-devel/binutils/2.35.2 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7c7bf9cf98bc2f32234865faf2c352c16362334 commit b7c7bf9cf98bc2f32234865faf2c352c16362334 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2021-05-16 10:00:08 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2021-05-16 10:01:04 +0000 package.mask: Extend binutils mask to <2.35.2 Bug: https://bugs.gentoo.org/761957 Bug: https://bugs.gentoo.org/678806 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org> profiles/package.mask | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) All affected versions masked. No cleanup (toolchain). GLSA request filed. This issue was resolved and addressed in GLSA 202107-24 at https://security.gentoo.org/glsa/202107-24 by GLSA coordinator John Helmert III (ajak). |