Re: bug report for binutils-2.30

From:

Dongdong She

Subject:

Date:

Fri, 30 Nov 2018 12:40:30 -0500

Hi nick,

Thanks for the information. I just filed the heap overflow bug report. Please find it at https://sourceware.org/bugzilla/show_bug.cgi?id=23942.

Thank you

Dongdong

On Fri, Nov 30, 2018 at 5:58 AM Nick Clifton <address@hidden> wrote:

HI Dongdong,

> We are doing some fuzzing tests on Binutils-2.30

Just as an aside the latest binutils release is 2.31.1 ...

> and find a heap overflow bug in nm-new 32 bit version.

Was there a binutils bug report filed for this problem ? I may have missed it.

> We also filed a interger-overflow bug in binutils-2.30 recently at https://sourceware.org/bugzilla/show_bug.cgi?id=23932.

Thank you for filing this bug report. I am currently testing a fix for it.

> Can we get the corresponding CVE number for the two bugs reported?

Sorry - we do not allocate these numbers. Normally they are automatically
allocated by the Mitre corporation, which regularly scans the binutils bugzilla
system for new bug reports. You can find out more information here:

http://cve.mitre.org/cve/request_id.html

I should also note that it usually takes a couple of weeks between filing a bug
report in the binutils bugzilla system and a CVE number being allocated.

Cheers
Nick

[Prev in Thread]

Current Thread

[Next in Thread]

bug report for binutils-2.30, Dongdong She, 2018/11/29

Re: bug report for binutils-2.30, Nick Clifton, 2018/11/30
- Re: bug report for binutils-2.30, Dongdong She <=