Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#4709 closed task (fixed)


Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: high
Milestone: 10.0
Component: Book
Version: SVN
Severity: normal
Keywords:


Change History (2)

comment:1 by Bruce Dubbs, 4 years ago

Resolution: fixed
Status: new → closed

fixed at revision 12011.

comment:2 by Douglas R. Reno, 4 years ago

Priority: normal → high
Security related changes:

  CVE-2016-10228: An infinite loop has been fixed in the iconv program when
  invoked with the -c option and when processing invalid multi-byte input
  sequences.  Reported by Jan Engelhardt.

  CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
  corruption when they were passed a pseudo-zero argument.  Reported by Guido
  Vranken / ForAllSecure Mayhem.

  CVE-2020-1752: A use-after-free vulnerability in the glob function when
  expanding ~user has been fixed.

  CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and
  memmove functions has been fixed.  Discovered by Jason Royes and Samual
  Dytrych of the Cisco Security Assessment and Penetration Team (See

Only three of the issues affect us: CVE-2020-1752, CVE-2020-10029, and CVE-2016-10228.

Retroactively promoting to High so I can add errata.
