[Bug 200888] CVE-2012-3509 libiberty: integer overflow

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jun 15 22:11:49 UTC 2015 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200888

            Bug ID: 200888
           Summary: CVE-2012-3509 libiberty: integer overflow
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: gnu
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: pfg at FreeBSD.org

Created attachment 157772
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=157772&action=edit
fix from OpenBSD

CVE-2012-3509 libiberty: integer overflow, leading to heap-buffer overflow by
processing certain file headers via bfd binary.

I stopped using gcc a while ago so I have no idea how useful/important this may
be.

OpenBSD has applied the following change:

http://freshbsd.org/commit/openbsd/c507578c3b16e773f91845211533295791f6b94d

I have translated it to the attached patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list