#47420 - binutils is vulnerable to CVE-2021-20197 (and various others)

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Message #10 received at 47420@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47420) by debbugs.gnu.org; 26 Mar 2021 21:56:42 +0000
From debbugs-submit-bounces@debbugs.gnu.org Fri Mar 26 17:56:42 2021
Received: from localhost ([127.0.0.1]:42737 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lPuRe-0008Mw-67
	for submit@debbugs.gnu.org; Fri, 26 Mar 2021 17:56:42 -0400
Received: from mail.zaclys.net ([178.33.93.72]:34709)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <lle-bout@zaclys.net>) id 1lPuRb-0008Mh-Ij
 for 47420@debbugs.gnu.org; Fri, 26 Mar 2021 17:56:40 -0400
Received: from [192.168.0.44] (82-64-145-38.subs.proxad.net [82.64.145.38])
 (authenticated bits=0)
 by mail.zaclys.net (8.14.7/8.14.7) with ESMTP id 12QLuW4o037751
 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
 for <47420@debbugs.gnu.org>; Fri, 26 Mar 2021 22:56:33 +0100
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.zaclys.net 12QLuW4o037751
Authentication-Results: mail.zaclys.net;
 dmarc=fail (p=reject dis=none) header.from=zaclys.net
Authentication-Results: mail.zaclys.net;
 spf=fail smtp.mailfrom=lle-bout@zaclys.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zaclys.net;
 s=default; t=1616795793;
 bh=bIed75h4dQ5qIwbcNKIOr9/pswZ743+2AovOveHgMyw=;
 h=Subject:From:To:Date:In-Reply-To:References:From;
 b=R4fbbzAMyXGoytvvCn45k8hcyF2txiVMXTPJ3UB8sUrtbBpUU6chwQRH/ySkWOw8c
 tMqAMA+kj3rPHVRDaiFGJtVGJ2Cgah3SW4j46MWkMVb4g00IuD9CkmYPxBX01c+x+n
 63NnKPHH7XoburucKsp98Lx8Y2Rl78px07U7YNDY=
Message-ID: <229d740c124ef1133bdaa032222302ac99e398a8.camel@zaclys.net>
Subject: Re: bug#47420: binutils is vulnerable to CVE-2021-20197 (and
 various others)
From: Léo Le Bouter <lle-bout@zaclys.net>
To: 47420@debbugs.gnu.org
Date: Fri, 26 Mar 2021 22:56:32 +0100
In-Reply-To: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@zaclys.net>
References: <669bea321d23f39ac5bb902dc930f4056f07ec78.camel@zaclys.net>
Content-Type: multipart/signed; micalg="pgp-sha512";
 protocol="application/pgp-signature"; boundary="=-go+0q18WHXMh5uRcFL9p"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 47420
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

[Message part 1 (text/plain, inline)]

Another:

CVE-2021-20284	18:15
A flaw was found in GNU Binutils 2.35.1, where there is a heap-based
buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c due
to the number of symbols not calculated correctly. The highest threat
from this vulnerability is to system availability.

[signature.asc (application/pgp-signature, inline)]

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Thu Mar 13 14:37:39 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

#47420 binutils is vulnerable to CVE-2021-20197 (and various others)