[Buildroot] [PATCH 2/2] package/glibc: bump to version 2.32-4-g69beb5cbf85cae1c61fe7432500ac10880dc7b07

Romain Naour romain.naour at gmail.com
Tue Oct 6 20:36:55 UTC 2020


Hello Peter,

On 04/10/2020 at 11:45, Peter Korsgaard wrote:
>>>>>> "Romain" == Romain Naour <romain.naour at gmail.com> writes:
> 
>  > - Support for Synopsys ARC HS cores (ARCv2 ISA) running Linux has been added.
>  >   Remove the ARC specific version.
> 
>  > - Remove --enable-obsolete-rpc configure option.
> 
>  > Security related changes:
> 
>  >   CVE-2016-10228: An infinite loop has been fixed in the iconv program when
>  >   invoked with the -c option and when processing invalid multi-byte input
>  >   sequences.  Reported by Jan Engelhardt.
> 
>  >   CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
>  >   corruption when they were passed a pseudo-zero argument.  Reported by Guido
>  >   Vranken / ForAllSecure Mayhem.
> 
>  >   CVE-2020-1752: A use-after-free vulnerability in the glob function when
>  >   expanding ~user has been fixed.
> 
>  >   CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
>  >   memmove functions has been fixed.  Discovered by Jason Royes and Samual
>  >   Dytrych of the Cisco Security Assessment and Penetration Team (See
>  >   TALOS-2020-1019).
> 
> These security fixes were already in 2.31.1, E.G. what we are currently
> using, right?
> 

Indeed, they have been added to glibc 2.32 and backported to stable branches.
It's just a copy from the release announcement... we can drop it if you prefer.

Best regards,
Romain



