[riscv32-elf-newlib] [Security] arbitrary code execution (CVE-2021-3420)

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 10:54 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:07 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Levente Polyak (anthraxx) Filipe Laíns (FFY00)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package riscv32-elf-newlib is vulnerable to arbitrary code execution via CVE-2021-3420.

Guidance
========

Updating riscv32-elf-newlib to the latest version 4.1.0 (or applying the patch referenced below) fixes the issue.

References
==========

https://security.archlinux.org/AVG-1628
https://bugzilla.redhat.com/show_bug.cgi?id=1934088
https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e

This task depends upon

Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:07 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/riscv32-elf-newlib/iss ues/2

Details

Loading...