Community Packages

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#70050 - [riscv32-elf-newlib] [Security] arbitrary code execution (CVE-2021-3420)

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 10:54 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Monday, 25 April 2022, 11:44 GMT
Task Type Bug Report
Category Security
Status Assigned   Reopened
Assigned To Levente Polyak (anthraxx)
Filipe LaĆ­ns (FFY00)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No



The package riscv32-elf-newlib is vulnerable to arbitrary code execution via CVE-2021-3420.


Updating riscv32-elf-newlib to the latest version 4.1.0 (or applying the patch referenced below) fixes the issue.

This task depends upon

Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more then 2 years. Please reply if you still experience this bug otherwise this issue will be closed after 1 month.