GNU bug report logs - #46959
[PATCH 0/1] WIP: gnu: newlib: Fix CVE-2021-3420.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
newlib-CVE-2021-3420.patch needs backporting to the versions of newlib it is
being applied to, so if you are interested or a user of those packages, please
finish the work; otherwise, well, CVE-2021-3420 will probably remain unfixed.
The versions of newlib are too old and too specific for it to be
maintainable security-wise, especially considering upstream does not seem to
maintain older versions at all. I don't think GNU Guix should take that role,
but of course the people who depend on these packages can ensure they are good
enough for themselves, otherwise contribute changes.
Léo Le Bouter (1):
gnu: newlib: Fix CVE-2021-3420.
gnu/local.mk | 1 +
gnu/packages/embedded.scm | 6 +-
.../patches/newlib-CVE-2021-3420.patch | 105 ++++++++++++++++++
3 files changed, 110 insertions(+), 2 deletions(-)
create mode 100644 gnu/packages/patches/newlib-CVE-2021-3420.patch
--
2.30.1
This bug report was last modified 4 years and 87 days ago.