|Reported by:||Bruce Dubbs||Owned by:||lfs-book|
New point version.
We are very sorry to have to report that a problem was found with the GNU Binutils 2.36 release. It turns out that it contained a small portion of code that was not covered by an FSF copyright assignment. So we have created a replacement release - 2.36.1 - with that code removed.
In addition we found that a fix for a theoretical security vulnerability was itself broken and could result in the archiver program "ar" misbehaving. So we have chosen to revert the fix from the 2.36.1 release whilst the problem is properly resolved.
: CVE 2021-20197: https://sourceware.org/bugzilla/show_bug.cgi?id=26945