On 22-12-2025 22:29, Steve Sakoman wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
This series doesn't apply to the current stable/whinlatter-nut branch:
There was a white-space issue.
I resolved it and sent a v2.
https://lists.openembedded.org/g/openembedded-core/message/228450
Regards,
Yash
~/Repos/openembedded-core (stable/whinlatter-nut) $ git am -3
~/Downloads/whinlatter-1-2-binutils-fix-CVE-2025-11839.patch
Applying: binutils: fix CVE-2025-11839
error: sha1 information is lacking or useless
(meta/recipes-devtools/binutils/binutils-2.45.inc).
error: could not build fake ancestor
Patch failed at 0001 binutils: fix CVE-2025-11839
hint: Use 'git am --show-current-patch=diff' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Steve
On Sun, Dec 21, 2025 at 8:34 PM <[email protected]> wrote:
From: Yash Shinde <[email protected]>
CVE-2025-11839
PR 33448
[BUG] Aborted in tg_tag_type at prdbg.c:2452
Remove call to abort in the DGB debug format printing code, thus allowing
the display of a fuzzed input file to complete without triggering an abort.
https://sourceware.org/bugzilla/show_bug.cgi?id=33448
Upstream-Status: Backport
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe]
Signed-off-by: Yash Shinde <[email protected]>
---
.../binutils/binutils-2.45.inc | 1 +
.../binutils/0019-CVE-2025-11839.patch | 32 +++++++++++++++++++
2 files changed, 33 insertions(+)
create mode 100644
meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.45.inc
b/meta/recipes-devtools/binutils/binutils-2.45.inc
index 680ba82e86..2f61c9377b 100644
--- a/meta/recipes-devtools/binutils/binutils-2.45.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.45.inc
@@ -44,4 +44,5 @@ SRC_URI = "\
file://CVE-2025-11413.patch \
file://CVE-2025-11495.patch \
file://0018-CVE-2025-11494.patch \
+ file://0019-CVE-2025-11839.patch \
"
diff --git a/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch
b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch
new file mode 100644
index 0000000000..7f2f6d553d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/0019-CVE-2025-11839.patch
@@ -0,0 +1,32 @@
+From 12ef7d5b7b02d0023db645d86eb9d0797bc747fe Mon Sep 17 00:00:00 2001
+From: Nick Clifton <[email protected]>
+Date: Mon, 3 Nov 2025 11:49:02 +0000
+Subject: [PATCH] Remove call to abort in the DGB debug format printing code,
+ thus allowing the display of a fuzzed input file to complete without
+ triggering an abort.
+
+PR 33448
+---
+ binutils/prdbg.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+Upstream-Status: Backport
[https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=12ef7d5b7b02d0023db645d86eb9d0797bc747fe]
+CVE: CVE-2025-11839
+
+Signed-off-by: Yash Shinde <[email protected]>
+
+diff --git a/binutils/prdbg.c b/binutils/prdbg.c
+index c239aeb1a79..5d405c48e3d 100644
+--- a/binutils/prdbg.c
++++ b/binutils/prdbg.c
+@@ -2449,7 +2449,6 @@ tg_tag_type (void *p, const char *name, unsigned int id,
+ t = "union class ";
+ break;
+ default:
+- abort ();
+ return false;
+ }
+
+--
+2.43.7
+
--
2.49.0
--
Regards,
Yash Shinde
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#228452):
https://lists.openembedded.org/g/openembedded-core/message/228452
Mute This Topic: https://lists.openembedded.org/mt/116897474/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
