[Buildroot] [PATCH 2/2] package/glibc: bump to version 2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07

Peter Korsgaard peter at korsgaard.com
Sun Oct 4 09:45:52 UTC 2020


>>>>> "Romain" == Romain Naour <romain.naour at gmail.com> writes:

 > - Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been added.
 >   Remove the ARC specific version.

 > - Remove --enable-obsolete-rpc configure option.

 > Security related changes:

 >   CVE-2016-10228: An infinite loop has been fixed in the iconv program when
 >   invoked with the -c option and when processing invalid multi-byte input
 >   sequences.  Reported by Jan Engelhardt.

 >   CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
 >   corruption when they were passed a pseudo-zero argument.  Reported by Guido
 >   Vranken / ForAllSecure Mayhem.

 >   CVE-2020-1752: A use-after-free vulnerability in the glob function when
 >   expanding ~user has been fixed.

 >   CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
 >   memmove functions has been fixed.  Discovered by Jason Royes and Samual
 >   Dytrych of the Cisco Security Assessment and Penetration Team (See
 >   TALOS-2020-1019).

These security fixes were already in 2.31.1, e.g. what we are currently
using, right?

-- 
Bye, Peter Korsgaard

