Re: CVE-2016-6131 binutils, gdb, valgrind etc.
Brian May <bam@debian.org> writes:
> I have a build of binutils for all pending CVEs except CVE-2016-4491,
I had another look at CVE-2016-4491. Looks like the following patch from
upstream git is a prerequisite. Unfortunately this patch does not apply
cleanly either. So I found a potential prerequisite for this patch; it
doesn't apply cleanly either. If I continue down this track much
further, I might as well just use the latest upstream version.
Upstream source: https://www.gnu.org/software/binutils/
git clone git://sourceware.org/git/binutils-gdb.git
As this CVE is considered to be a minor issue (stack overflow due to
potential infinite recursion) I am inclined to think patching this CVE
is not worth it.
commit 9548bbede51868a9a780d7d21ae16ac13e8bdf9b
Author: gary <gary@138bc75d-0d04-0410-961f-82ee72b054a4>
Date: Fri Oct 25 13:56:51 2013 +0000

    libiberty/
    2013-10-25  Gary Benson  <gbenson@redhat.com>

        * cp-demangle.c (struct d_saved_scope): New structure.
        (struct d_print_info): New fields saved_scopes and
        num_saved_scopes.
        (d_print_init): Initialize the above.
        (d_print_free): New function.
        (cplus_demangle_print_callback): Call the above.
        (d_copy_templates): New function.
        (d_print_comp): New variables saved_templates and
        need_template_restore.
        [DEMANGLE_COMPONENT_REFERENCE,
        DEMANGLE_COMPONENT_RVALUE_REFERENCE]: Capture scope the first
        time the component is traversed, and use the captured scope for
        subsequent traversals.
        * testsuite/demangle-expected: Add regression test.

    git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@204068 138bc75d-0d04-0410-961f-82ee72b054a4
--
Brian May <bam@debian.org>