Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#70050 - [riscv32-elf-newlib] [Security] arbitrary code execution (CVE-2021-3420)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 10:54 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 25 April 2022, 11:44 GMT
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 10:54 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 25 April 2022, 11:44 GMT
|
DetailsSummary
======= The package riscv32-elf-newlib is vulnerable to arbitrary code execution via CVE-2021-3420. Guidance ======== Updating riscv32-elf-newlib to the latest version 4.1.0 (or applying the patch referenced below) fixes the issue. References ========== https://security.archlinux.org/AVG-1628 https://bugzilla.redhat.com/show_bug.cgi?id=1934088 https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e |
This task depends upon