[Bug 849693] CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary

bugzilla at redhat.com bugzilla at redhat.com
Wed Sep 26 17:31:06 UTC 2012


https://bugzilla.redhat.com/show_bug.cgi?id=849693

--- Comment #15 from Toshio Kuratomi <tkuratom at redhat.com> ---
libiberty is one of the libraries that have been granted an exception to be
bundled by the FPC (actually, the exception was granted by FESCo in the period
during which FESCo had that responsibility).  Therefore, this affects all
packages that bundle libiberty as well.

According to the Guidelines, packages that bundle libiberty are supposed to
have a virtual Provides: bundled(libiberty).  However, repoquery only mentions
one package:

$ repoquery -q --whatprovides 'bundled(libiberty)'
insight-0:7.4.50-1.20120403cvs.fc16.x86_64

When libiberty was granted an exception by FESCo in the F13 time frame, an
audit of the package set by ajax found 24 packages that bundled libiberty:
  https://fedorahosted.org/fesco/ticket/370#comment:13

So someone's going to have to re-audit the packageset, identify the packages
that bundle libiberty, update them, and also add the Provides:
bundled(libiberty) so that this is easier the next time around.
