Date: Wed, 27 Sep 2017 13:20:15 +0300
From: Efraim Flashner <efraim@...shner.co.il>
To: oss-security@...ts.openwall.com
Subject: Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)

On Tue, Sep 26, 2017 at 07:03:41AM +0000, Agostino Sarubbo wrote:
>
> Affected version:
> 22.214.171.12470921 and maybe past releases
>

As best as I can see, it looks like the bug was introduced after the 2.28
series was frozen/split-off, and there is no part of the patch that
applies to the 2.28.1 release. I have not, however, tried the reproducer.

--
Efraim Flashner <efraim@...shner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted