Date: Fri, 29 Sep 2017 17:22:31 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Cc: Efraim Flashner <efraim@...shner.co.il>
Subject: Re: binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)

On Wednesday 27 September 2017 12:20:15 CEST Efraim Flashner wrote:
> On Tue, Sep 26, 2017 at 07:03:41AM +0000, Agostino Sarubbo wrote:
> > Affected version:
> > 22.214.171.12470921 and maybe past releases
>
> As best as I can see, it looks like the bug was introduced after the
> 2.28 series was frozen/split-off, and there is no part of the patch that
> applies to the 2.28.1 release.
>
> I have not, however, tried the reproducer.

The provided testcase works for me after the commit 98c5dfc99444094652c2f2259126f70e5cacf56f

--
Agostino Sarubbo
Gentoo Linux Developer