CVE-2019-6488 (https://nvd.nist.gov/vuln/detail/CVE-2019-6488): The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.
@maintainer(s), please let us know what patchset this was fixed in (if at all) for 2.28.
That is a https://sourceware.org/PR24097. I don't think gentoo has a fix in 2.28. Does it matter? 2.28 is masked in gentoo.
As per upstream: __________________________ H.J. Lu 2019-01-22 03:52:25 UTC Fixed for 2.29: commit 5165de69c0908e28a380cbd4bb054e55ea4abc95 Author: H.J. Lu <hjl.tools@gmail.com> Date: Mon Jan 21 11:36:36 2019 -0800 x86-64 strnlen/wcsnlen: Properly handle the length parameter [BZ# 24097] _________________________________________________ 2.29 has been masked in tree. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 202006-04 at https://security.gentoo.org/glsa/202006-04 by GLSA coordinator Aaron Bauman (b-man).