[arm-none-eabi-binutils-cs/f21] fix directory traversal vulnerability (#1162657)
Michal Hlavinka
mhlavink at fedoraproject.org
Wed Nov 12 18:00:36 UTC 2014
commit 0fbbca69b77824d0fd7bdbdc38947427f3bb3eda
Author: Michal Hlavinka <mhlavink at redhat.com>
Date: Wed Nov 12 19:00:30 2014 +0100
fix directory traversal vulnerability (#1162657)
- fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
- fix CVE-2014-8502: heap overflow in objdump
- fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
- fix CVE-2014-8504: stack overflow in the SREC parser
.gitignore | 1 +
arm-none-eabi-binutils-cs.spec | 15 ++++++++++-----
sources | 2 +-
3 files changed, 12 insertions(+), 6 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 4733104..df25a17 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
/binutils-2012.09-63.tar.bz2
/binutils-2013.05-23.tar.bz2
/binutils-2013.11-24.tar.bz2
+/binutils-2014.05-28.tar.bz2
diff --git a/arm-none-eabi-binutils-cs.spec b/arm-none-eabi-binutils-cs.spec
index 59956d5..e0344ef 100644
--- a/arm-none-eabi-binutils-cs.spec
+++ b/arm-none-eabi-binutils-cs.spec
@@ -1,8 +1,8 @@
# CodeSourcery releases are identified by a date, a release number,
# and a package number for downloading from their web site
-%global cs_date 2013.11
-%global cs_rel 24
-%global cs_pkgnum 12189
+%global cs_date 2014.05
+%global cs_rel 28
+%global cs_pkgnum 12773
%global binutils_ver 2.23
%global processor_arch arm
@@ -10,7 +10,7 @@
Name: %{target}-binutils-cs
Version: %{cs_date}.%{cs_rel}
-Release: 4%{?dist}
+Release: 2%{?dist}
Summary: GNU Binutils for cross-compilation for %{target} target
Group: Development/Tools
# Most of the sources are licensed under GPLv3+ with these exceptions:
@@ -52,6 +52,7 @@ of FSF.
%prep
%setup -q -n binutils-%{cs_date}
cp -p %{SOURCE1} .
+rm -rf gdb sim
%patch2 -p1 -b .cve_2014_8501
%patch3 -p1 -b .cve_2014_8502pre
%patch4 -p1 -b .cve_2014_8502
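Review bot: The added `rm -rf gdb sim` line in %prep has no explanation and is not among the changes listed in the commit message. A one-line comment above it would help, for example `# gdb and sim are not packaged here; drop them from the unpacked tree before patching`; the packager should confirm the wording, since the reason is not visible in the hunk. The `%patch2`–`%patch4` lines are context, so these CVE patches predate this commit and are now applied to the 2014.05 tarball. It is worth confirming in the build log that each one still applies cleanly to the new source. The %prep section continues outside the hunk.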
@@ -64,6 +65,7 @@ cp -p %{SOURCE1} .
--target=%{target} \
--enable-interwork \
--enable-multilib \
+ --enable-plugins \
--disable-nls \
--disable-shared \
--disable-threads \
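Review bot: `--enable-plugins` changes the configure flags, yet neither the commit message nor the %changelog entry mentions it, and the commit is presented as a security fix. Plugin support lets the built tools load shared objects as plugins, which adds code-loading surface that reviewers of a CVE update would want to see called out. It deserves its own changelog line, for example `- build with --enable-plugins`, and ideally its own commit. The configure invocation starts and ends outside the hunk.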
@@ -98,13 +100,16 @@ rm -r %{buildroot}%{_infodir}
%changelog
-* Wed Nov 12 2014 Michal Hlavinka <mhlavink at redhat.com> - 2013.11.24-4
+* Wed Nov 12 2014 Michal Hlavinka <mhlavink at redhat.com> - 2014.05.28-2
- fix directory traversal vulnerability (#1162657)
- fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable
- fix CVE-2014-8502: heap overflow in objdump
- fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file
- fix CVE-2014-8504: stack overflow in the SREC parser
+* Wed Aug 20 2014 Michal Hlavinka <mhlavink at redhat.com> - 2014.05.28-1
+- updated to 2014.05-28
+
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2013.11.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
diff --git a/sources b/sources
index 006ea7e..3c92d7b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-a588664f5e062d0bdac6c820849cd48c binutils-2013.11-24.tar.bz2
+683ca27cadcbf94c5773596a4d33d57a binutils-2014.05-28.tar.bz2