Bug 641506 (CVE-2016-4491, CVE-2016-4492) - <sys-devel/gcc-7.2.0 : multiple vulnerabilities
Summary: <sys-devel/gcc-7.2.0 : multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2016-4491, CVE-2016-4492
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.openwall.com/lists/oss-sec...
Whiteboard: A2 [glsa cve]
Reported: 2017-12-17 22:45 UTC by Andreas K. Hüttel
Modified: 2020-04-16 06:27 UTC
Description Andreas K. Hüttel gentoo-dev 2017-12-17 22:45:20 UTC
Split out from bug 582240:

> 
> 5) Various Stack Corruptions (Patch under Review)
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
> https://gcc.gnu.org/ml/gcc-patches/2016-05/threads.html#00105

CVE-2016-4491
Fixed upstream in 7.1 and later

> 
> 6) Write Access Violation (Patch under Review)
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
> https://gcc.gnu.org/ml/gcc-patches/2016-05/threads.html#00223

CVE-2016-4492
Fixed upstream in 7.1 and later
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-08-10 17:27:59 UTC
Please extend the mask so we can close this.
Comment 2 Sam James archtester gentoo-dev Security 2020-03-15 14:57:58 UTC
(In reply to Andreas K. Hüttel from comment #0)
> Split out from bug 582240:
> 
> > 
> > 5) Various Stack Corruptions (Patch under Review)
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
> > https://gcc.gnu.org/ml/gcc-patches/2016-05/threads.html#00105
> 
> CVE-2016-4491
> Fixed upstream in 7.1 and later

Patch: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=e96d1d8c7877ef25a2ef502b2685ba36b9913fd2

> 
> > 
> > 6) Write Access Violation (Patch under Review)
> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
> > https://gcc.gnu.org/ml/gcc-patches/2016-05/threads.html#00223
> 
> CVE-2016-4492
> Fixed upstream in 7.1 and later

Patch: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=03ef0c6c55ab81002abef62cec430d0496c3a01c

---

AFAICT, neither of these has the fix in the -r1 patchset (https://gitweb.gentoo.org/proj/gcc-patches.git/tree/6.5.0/gentoo). I also checked the git history, but seemingly found nothing.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 06:27:25 UTC
Never closed - No longer in tree.