Splitting this off into a separate bug.

> CVE-2017-14933
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933):
>
> read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD)
> library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote
> attackers to cause a denial of service (infinite loop) via a crafted ELF
> file.
>
> References:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=22210
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32

Patch doesn't trivially apply to 2.29.1. Deferred.
Fixed in 2.30
This issue was resolved and addressed in GLSA 201811-17 at https://security.gentoo.org/glsa/201811-17 by GLSA coordinator Aaron Bauman (b-man).