-rw-r--r--REUSE.toml3
-rw-r--r--bugs/README.md6
-rw-r--r--bugs/cve/2018/10372/bug3bin0 -> 1100 bytes
-rw-r--r--loftix/bugs.scm12
4 files changed, 20 insertions, 1 deletions
diff --git a/REUSE.toml b/REUSE.toml
index 554690f..635c4d4 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -85,7 +85,8 @@ SPDX-FileCopyrightText = 'Gustavo Grieco'
 SPDX-License-Identifier = 'CC0-1.0'
 
 [[annotations]]
-path = 'bugs/cve/2017/6965/bug_3'
+path = [ 'bugs/cve/2017/6965/bug_3',
+         'bugs/cve/2018/10372/bug3' ]
 SPDX-FileCopyrightText = 'Phạm Văn Thuận'
 SPDX-License-Identifier = 'CC0-1.0'
 
diff --git a/bugs/README.md b/bugs/README.md
index a6a202a..95fc232 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -24,6 +24,11 @@
       nm -l cve/2017/15025/floatexception.elf
       objdump -S cve/2017/15025/floatexception.elf
 
+- CVE-2018-10372: [heap buffer overflow][sourceware-23064]
+
+      guix shell -e '(@@ (loftix bugs) binutils-2.30-asan)'
+      readelf -w cve/2018/10372/bug3
+
 - CVE-2019-9077: [heap buffer overflow][sourceware-24243]
 
       guix shell -e '(@@ (loftix bugs) binutils-2.32-asan)'
@@ -254,4 +259,5 @@
 [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
 [sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
+[sourceware-23064]: https://sourceware.org/bugzilla/show_bug.cgi?id=23064
 [sourceware-24243]: https://sourceware.org/bugzilla/show_bug.cgi?id=24243
diff --git a/bugs/cve/2018/10372/bug3 b/bugs/cve/2018/10372/bug3
new file mode 100644
index 0000000..510f97b
--- /dev/null
+++ b/bugs/cve/2018/10372/bug3
Binary files differ
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index dc75628..213cf3a 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -46,6 +46,18 @@
                  #:make-flags '("CFLAGS=-O2 -g -fsanitize=address"
                                 "LDFLAGS=-fsanitize=address")))))
 
+(define-public binutils-2.30-asan
+  (package
+    (inherit binutils-2.32-asan)
+    (version "2.30")
+    (source (origin
+              (inherit (package-source binutils))
+              (uri (string-append "mirror://gnu/binutils/binutils-"
+                                  version ".tar.bz2"))
+              (sha256
+               (base32 "028cklfqaab24glva1ks2aqa1zxa6w6xmc8q34zs1sb7h22dxspg"))
+              (patches '())))))
+
 (define-public binutils-2.29-asan
   (package
     (inherit binutils-2.32-asan)
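Review bot: The new `binutils-2.30-asan` definition has no comment saying that this old release is packaged on purpose as a vulnerable target, nor why `(patches '())` clears the patch list inherited from `(package-source binutils)`. Because it is exported with `define-public` and inherits its synopsis and description from the parent, nothing at the definition site distinguishes it from a usable toolchain. I would add `;; Deliberately unpatched: reproduces CVE-2018-10372 (readelf -w) under ASan; for bug reproduction only.` above the definition. I would also add `; inherited patches presumably target the current binutils and would not apply to 2.30` beside `(patches '())`, after confirming that is the reason. The same applies to the `binutils-2.29-asan` definition whose first lines appear as context here; its body continues outside the hunk.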