Hi nick, Thanks for the information. I just filed the heap overflow bug report. Please find it at https://sourceware.org/bugzilla/show_bug.cgi?id=23942.
Thank you Dongdong On Fri, Nov 30, 2018 at 5:58 AM Nick Clifton <ni...@redhat.com> wrote: > HI Dongdong, > > > We are doing some fuzzing tests on Binutils-2.30 > > Just as an aside the latest binutils release is 2.31.1 ... > > > and find a heap overflow bug in nm-new 32 bit version. > > Was there a binutils bug report filed for this problem ? I may have > missed it. > > > We also filed a interger-overflow bug in binutils-2.30 recently at > https://sourceware.org/bugzilla/show_bug.cgi?id=23932. > > Thank you for filing this bug report. I am currently testing a fix for it. > > > Can we get the corresponding CVE number for the two bugs reported? > > Sorry - we do not allocate these numbers. Normally they are automatically > allocated by the Mitre corporation, which regularly scans the binutils > bugzilla > system for new bug reports. You can find out more information here: > > http://cve.mitre.org/cve/request_id.html > > I should also note that it usually takes a couple of weeks between filing > a bug > report in the binutils bugzilla system and a CVE number being allocated. > > Cheers > Nick >
_______________________________________________ bug-binutils mailing list bug-binutils@gnu.org https://lists.gnu.org/mailman/listinfo/bug-binutils
