From: Romain Naour <romain.naour@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 2/2] package/glibc: bump to version 2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07
Date: Tue, 6 Oct 2020 22:36:55 +0200 [thread overview]
Message-ID: <def26807-e0af-5a4a-787d-a3ec2807cc21@gmail.com> (raw)
In-Reply-To: <87mu12s4rz.fsf@dell.be.48ers.dk>
Hello Peter,
Le 04/10/2020 ? 11:45, Peter Korsgaard a ?crit?:
>>>>>> "Romain" == Romain Naour <romain.naour@gmail.com> writes:
>
> > - Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been added.
> > Remove the ARC specific version.
>
> > - Remove --enable-obsolete-rpc configure option.
>
> > Security related changes:
>
> > CVE-2016-10228: An infinite loop has been fixed in the iconv program when
> > invoked with the -c option and when processing invalid multi-byte input
> > sequences. Reported by Jan Engelhardt.
>
> > CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
> > corruption when they were passed a pseudo-zero argument. Reported by Guido
> > Vranken / ForAllSecure Mayhem.
>
> > CVE-2020-1752: A use-after-free vulnerability in the glob function when
> > expanding ~user has been fixed.
>
> > CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> > memmove functions has been fixed. Discovered by Jason Royes and Samual
> > Dytrych of the Cisco Security Assessment and Penetration Team (See
> > TALOS-2020-1019).
>
> These security fixes were already in 2.31.1, E.G. what we are currently
> using, right?
>
Indeed, they has been added to glibc 2.32 and backported to stable branches.
It's just a copy from the release announcement... we can drop it if you prefer.
Best regards,
Romain
next prev parent reply other threads:[~2020-10-06 20:36 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-10-02 15:59 [Buildroot] [PATCH 1/2] package/localedef: bump to glibc-2.31-54 Romain Naour
2020-10-02 15:59 ` [Buildroot] [PATCH 2/2] package/glibc: bump to version 2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07 Romain Naour
2020-10-02 21:57 ` Romain Naour
2020-10-04 9:45 ` Peter Korsgaard
2020-10-06 20:36 ` Romain Naour [this message]
2020-10-06 20:51 ` Peter Korsgaard
2020-10-08 19:59 ` Thomas Petazzoni
2020-11-14 15:19 ` Romain Naour
2020-11-15 14:49 ` Romain Naour
2020-11-16 21:17 ` [Buildroot] [PATCH 2/2] package/glibc: bump to version2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07 Bernd Kuhls
2020-10-04 9:47 ` [Buildroot] [PATCH 1/2] package/localedef: bump to glibc-2.31-54 Peter Korsgaard
2020-10-10 19:40 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=def26807-e0af-5a4a-787d-a3ec2807cc21@gmail.com \
--to=romain.naour@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox