diff options
| -rw-r--r-- | README.md | 8 | ||||
| -rw-r--r-- | REUSE.toml | 5 | ||||
| -rw-r--r-- | bugs/cve/2017/6965/bug_3 | bin | 0 -> 3944 bytes | |||
| -rw-r--r-- | loftix/bugs.scm | 12 |
4 files changed, 25 insertions, 0 deletions
diff --git a/README.md b/README.md index eb14e25..a457500 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,13 @@ Then run `guix pull`. guix shell libxml2@2.9.4 xmllint --recover bugs/cve/2017/5969/crash-libxml2-recover.xml +### CVE-2017-6965 + +[binutils: heap buffer overflow][sourceware-21137] + + guix shell binutils@2.27 + readelf -w bugs/cve/2017/6965/bug_3 + ### CVE-2017-14745 [binutils: integer overflow][sourceware-22148] @@ -103,6 +110,7 @@ Then run `guix pull`. [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808 [jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3 +[sourceware-21137]: https://sourceware.org/bugzilla/show_bug.cgi?id=21137 [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148 [sourceware-22202]: https://sourceware.org/bugzilla/show_bug.cgi?id=22202 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186 diff --git a/REUSE.toml b/REUSE.toml index fae9655..e529874 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -23,6 +23,11 @@ SPDX-FileCopyrightText = '2016 Gustavo Grieco' SPDX-License-Identifier = 'CC0-1.0' [[annotations]] +path = 'bugs/cve/2017/6965/bug_3' +SPDX-FileCopyrightText = '2017 Phạm Văn Thuận' +SPDX-License-Identifier = 'CC0-1.0' + +[[annotations]] path = 'bugs/cve/2017/14745/crash_1' SPDX-FileCopyrightText = '2017 Junchao Luan' diff --git a/bugs/cve/2017/6965/bug_3 b/bugs/cve/2017/6965/bug_3 new file mode 100644 index 0000000..675f2f6 --- /dev/null +++ b/bugs/cve/2017/6965/bug_3 Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm index 0ee9398..6212ba2 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -37,6 +37,18 @@ #:make-flags '("CFLAGS=-O2 -g -fsanitize=address" "LDFLAGS=-fsanitize=address"))))) +(define-public binutils-2.27-asan + (package + (inherit binutils-2.29-asan) + (version "2.27") + (source (origin + (inherit (package-source binutils)) + (uri (string-append "mirror://gnu/binutils/binutils-" + version ".tar.bz2")) + (sha256 + (base32 "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn")) + (patches '()))))) + (define-public jasper-1.900.19 (package (inherit jasper) |