[Buildroot] [PATCH 2/2] package/glibc: bump to version 2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07
Romain Naour
romain.naour at gmail.com
Tue Oct 6 20:36:55 UTC 2020
Hello Peter,
On 04/10/2020 at 11:45, Peter Korsgaard wrote:
>>>>>> "Romain" == Romain Naour <romain.naour at gmail.com> writes:
>
> > - Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been added.
> > Remove the ARC specific version.
>
> > - Remove --enable-obsolete-rpc configure option.
>
> > Security related changes:
>
> > CVE-2016-10228: An infinite loop has been fixed in the iconv program when
> > invoked with the -c option and when processing invalid multi-byte input
> > sequences. Reported by Jan Engelhardt.
>
> > CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
> > corruption when they were passed a pseudo-zero argument. Reported by Guido
> > Vranken / ForAllSecure Mayhem.
>
> > CVE-2020-1752: A use-after-free vulnerability in the glob function when
> > expanding ~user has been fixed.
>
> > CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
> > memmove functions has been fixed. Discovered by Jason Royes and Samual
> > Dytrych of the Cisco Security Assessment and Penetration Team (See
> > TALOS-2020-1019).
>
> These security fixes were already in 2.31.1, E.G. what we are currently
> using, right?
>
Indeed, they have been added to glibc 2.32 and backported to stable branches.
It's just a copy from the release announcement... we can drop it if you prefer.
Best regards,
Romain