diff options
| author | Nguyễn Gia Phong <cnx@loang.net> | 2025-02-18 11:25:21 +0900 |
|---|---|---|
| committer | Nguyễn Gia Phong <cnx@loang.net> | 2025-02-18 15:50:28 +0900 |
| commit | 67c968d8921157c981e868cf666d004933c4b79e (patch) | |
| tree | 8f44177b43bbef8f0c8e63ffb9efd056a2d3a172 | |
| parent | f3dd49518897f44fc4111adc3ed5a6e9e133dfe0 (diff) | |
| download | loftix-67c968d8921157c981e868cf666d004933c4b79e.tar.gz | |
Add CVE-2019-9077 from ASan'ed binutils 2.32
| -rw-r--r-- | README.md | 8 | ||||
| -rw-r--r-- | REUSE.toml | 5 | ||||
| -rw-r--r-- | bugs/cve/2019/9077/hbo2 | bin | 0 -> 324 bytes | |||
| -rw-r--r-- | loftix/bugs.scm | 18 |
4 files changed, 28 insertions, 3 deletions
diff --git a/README.md b/README.md index a457500..1ebc5dc 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,13 @@ Then run `guix pull`. djpeg -crop "1x1+16+16" -onepass -dither ordered -dct float -colors 8\ -targa -grayscale -outfile o bugs/cve/2017/15232/2.jpg +### CVE-2019-9077 + +[binutils: heap buffer overflow][sourceware-24243] + + guix shell binutils@2.32 + readelf -a bugs/cve/2019/9077/hbo2 + [Guix channel]: https://guix.gnu.org/manual/devel/en/html_node/Channels.html [AFLRun]: https://trong.loang.net/~cnx/afl++/log?h=run [AFL++]: https://github.com/AFLplusplus/AFLplusplus @@ -114,4 +121,5 @@ Then run `guix pull`. [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148 [sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186 +[sourceware-24243]: https://sourceware.org/bugzilla/show_bug.cgi?id=24243 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268 diff --git a/REUSE.toml b/REUSE.toml index e529874..81cd182 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -48,6 +48,11 @@ path = 'bugs/cve/2017/15232/*.jpg' SPDX-FileCopyrightText = '2017 Zhao Liang' [[annotations]] +path = 'bugs/cve/2019/9077/hbo2' +SPDX-FileCopyrightText = '2019 陈鹏' +SPDX-License-Identifier = 'CC0-1.0' + +[[annotations]] path = 'patches/*.patch' SPDX-FileCopyrightText = '2024 Nguyễn Gia Phong' SPDX-License-Identifier = 'GPL-3.0-or-later' diff --git a/bugs/cve/2019/9077/hbo2 b/bugs/cve/2019/9077/hbo2 new file mode 100644 index 0000000..5ab04c9 --- /dev/null +++ b/bugs/cve/2019/9077/hbo2 Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm index 6212ba2..53b7383 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -19,16 +19,16 @@ #:use-module (guix download) #:use-module (guix packages)) -(define-public binutils-2.29-asan +(define-public binutils-2.32-asan (package (inherit binutils-2.33) - (version "2.29") + (version "2.32") (source (origin (inherit (package-source binutils)) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 - (base32 "1gqfyksdnj3iir5gzyvlp785mnk60g1pll6zbzbslfchhr4rb8i9")) + (base32 "0b8767nyal1bc4cyzg5h9iis8kpkln1i3wkamig75cifj1fb2f6y")) (patches '()))) (arguments '(#:phases (modify-phases %standard-phases (add-before 'build 'set-env @@ -37,6 +37,18 @@ #:make-flags '("CFLAGS=-O2 -g -fsanitize=address" "LDFLAGS=-fsanitize=address"))))) +(define-public binutils-2.29-asan + (package + (inherit binutils-2.32-asan) + (version "2.29") + (source (origin + (inherit (package-source binutils)) + (uri (string-append "mirror://gnu/binutils/binutils-" + version ".tar.bz2")) + (sha256 + (base32 "1gqfyksdnj3iir5gzyvlp785mnk60g1pll6zbzbslfchhr4rb8i9")) + (patches '()))))) + (define-public binutils-2.27-asan (package (inherit binutils-2.29-asan) |