From: Richard Purdie <richard.purdie@linuxfoundation.org>
To: Steve Sakoman <steve@sakoman.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][kirkstone 09/16] binutils: Fix CVE-2022-47007
Date: Thu, 23 Nov 2023 14:54:47 +0000 [thread overview]
Message-ID: <e4abdda583ad11aaa70c2ee53e0c756547cbdb6b.camel@linuxfoundation.org> (raw)
In-Reply-To: <CAOSpxdbYSdnkLCb0Qyh9w1ZdwbZsEgsvKQfMCaNk8j=0d6d=7w@mail.gmail.com>
On Thu, 2023-11-23 at 04:49 -1000, Steve Sakoman wrote:
> On Thu, Nov 23, 2023 at 2:41 AM Richard Purdie
> <richard.purdie@linuxfoundation.org> wrote:
> >
> > On Tue, 2023-11-21 at 16:31 -1000, Steve Sakoman wrote:
> > > From: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > >
> > > Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > > ---
> > > .../binutils/binutils-2.38.inc | 1 +
> > > .../binutils/0033-CVE-2022-47007.patch | 34 +++++++++++++++++++
> > > 2 files changed, 35 insertions(+)
> > > create mode 100644 meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > >
> > > diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > > index 43cc97f1ef..dc29141812 100644
> > > --- a/meta/recipes-devtools/binutils/binutils-2.38.inc
> > > +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
> > > @@ -67,5 +67,6 @@ SRC_URI = "\
> > > file://0031-CVE-2022-47695.patch \
> > > file://CVE-2022-48063.patch \
> > > file://0032-CVE-2022-47010.patch \
> > > + file://0033-CVE-2022-47007.patch \
> > > "
> > > S = "${WORKDIR}/git"
> > > diff --git a/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > > new file mode 100644
> > > index 0000000000..cc6dfe684b
> > > --- /dev/null
> > > +++ b/meta/recipes-devtools/binutils/binutils/0033-CVE-2022-47007.patch
> > > @@ -0,0 +1,34 @@
> > > +From: Alan Modra <amodra@gmail.com>
> > > +Date: Thu, 16 Jun 2022 23:30:41 +0000 (+0930)
> > > +Subject: PR29254, memory leak in stab_demangle_v3_arg
> > > +X-Git-Tag: binutils-2_39~237
> > > +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb
> > > +
> > > +PR29254, memory leak in stab_demangle_v3_arg
> > > +
> > > + PR 29254
> > > + * stabs.c (stab_demangle_v3_arg): Free dt on failure path.
> > > +
> > > +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=0ebc886149c22aceaf8ed74267821a59ca9d03eb]
> > > +
> > > +CVE: CVE-2022-47007
> > > +
> > > +Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
> > > +---
> > > +
> >
> > This has not merged to master yet. It probably will but...
>
> This CVE shouldn't affect master, it is for binutils versions 2.34
> thru 2.38, while master is 2.41
>
> See: https://nvd.nist.gov/vuln/detail/CVE-2022-47007
This was merged to master but clearly shouldn't be as it was reverted
upstream as part of:
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19cacf672930cee20feaf1f3468e3d5ac3099ffd
Cheers,
Richard
next prev parent reply other threads:[~2023-11-23 14:54 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-11-22 2:30 [OE-core][kirkstone 00/16] Patch review Steve Sakoman
2023-11-22 2:30 ` [OE-core][kirkstone 01/16] tiff: Backport fix for CVE-2023-41175 Steve Sakoman
2023-11-22 2:30 ` [OE-core][kirkstone 02/16] grub: fix CVE-2023-4692 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 03/16] qemu 6.2.0: Fix CVE-2023-1544 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 04/16] avahi: fix CVE-2023-38471 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 05/16] avahi: fix CVE-2023-38470 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 06/16] avahi: fix CVE-2023-38469 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 07/16] avahi: fix CVE-2023-38472 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 08/16] avahi: fix CVE-2023-38473 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 09/16] binutils: Fix CVE-2022-47007 Steve Sakoman
2023-11-23 12:41 ` Richard Purdie
2023-11-23 14:49 ` Steve Sakoman
2023-11-23 14:54 ` Richard Purdie [this message]
2023-11-22 2:31 ` [OE-core][kirkstone 10/16] binutils: Fix CVE-2022-48064 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 11/16] ghostscript: ignore GhostPCL CVE-2023-38560 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 12/16] go: ignore CVE-2023-45283 and CVE-2023-45284 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 13/16] sudo: upgrade 1.9.13p3 -> 1.9.15p2 Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 14/16] go: Fix issue in DNS resolver Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 15/16] goarch: Move Go architecture mapping to a library Steve Sakoman
2023-11-23 12:40 ` Richard Purdie
2023-11-23 13:45 ` Bruce Ashfield
2023-11-23 14:53 ` Steve Sakoman
2023-11-22 2:31 ` [OE-core][kirkstone 16/16] libxcrypt: fixed some build error for nativesdk with mingw Steve Sakoman
2023-11-23 12:39 ` Richard Purdie
2023-11-23 14:37 ` Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e4abdda583ad11aaa70c2ee53e0c756547cbdb6b.camel@linuxfoundation.org \
--to=richard.purdie@linuxfoundation.org \
--cc=openembedded-core@lists.openembedded.org \
--cc=steve@sakoman.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox