Date: Mon, 15 Jun 2015 22:11:49 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 200888] CVE-2012-3509 libiberty: integer overflow Message-ID: <bug-200888-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200888 Bug ID: 200888 Summary: CVE-2012-3509 libiberty: integer overflow Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: gnu Assignee: freebsd-bugs@FreeBSD.org Reporter: pfg@FreeBSD.org Created attachment 157772 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157772&action=edit fix from OpenBSD CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary. I stopped using gcc a while ago so I have no idea how useful/important this may be. OpenBSD has applied the following change: http://freshbsd.org/commit/openbsd/c507578c3b16e773f91845211533295791f6b94d I have translated it to the attached patch. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-200888-8>