The setup_group function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a group section that is too small.
2.29, 2.29.1 affected
Fixed in git master, patch does not apply to 2.29 branch
Fixed upstream in master and 2.30 branch, will be in Gentoo 2.30 patchlevel 2
(In reply to Andreas K. Hüttel from comment #2)
> Fixed upstream in master and 2.30 branch, will be in Gentoo 2.30 patchlevel 2
> and later.
Actually, it is already fixed in sys-devel/binutils-2.30
@maintainer(s), are we able to proceed here? Not sure if GLSA is still needed as upgrade path already established for 2.30-r4 fulfilled.
Also, removing blocked and stable from whiteboard to reflect current state.