[Buildroot] [PATCH 2/2] package/glibc: bump to version 2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07
Peter Korsgaard
peter at korsgaard.com
Sun Oct 4 09:45:52 UTC 2020
>>>>> "Romain" == Romain Naour <romain.naour at gmail.com> writes:
> - Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been added.
> Remove the ARC specific version.
> - Remove --enable-obsolete-rpc configure option.
> Security related changes:
> CVE-2016-10228: An infinite loop has been fixed in the iconv program when
> invoked with the -c option and when processing invalid multi-byte input
> sequences. Reported by Jan Engelhardt.
> CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
> corruption when they were passed a pseudo-zero argument. Reported by Guido
> Vranken / ForAllSecure Mayhem.
> CVE-2020-1752: A use-after-free vulnerability in the glob function when
> expanding ~user has been fixed.
> CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> memmove functions has been fixed. Discovered by Jason Royes and Samual
> Dytrych of the Cisco Security Assessment and Penetration Team (See
> TALOS-2020-1019).
These security fixes were already in 2.31.1, E.G. what we are currently
using, right?
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list