[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bug report for binutils-2.30

From: Nick Clifton
Subject: Re: bug report for binutils-2.30
Date: Fri, 30 Nov 2018 10:58:30 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0

HI Dongdong,

> We are doing some fuzzing tests on Binutils-2.30 

Just as an aside the latest binutils release is 2.31.1 ...

> and find a heap overflow bug in nm-new 32 bit version.

Was there a binutils bug report filed for this problem ?  I may have missed it.

> We also filed a interger-overflow bug in binutils-2.30 recently at 
> https://sourceware.org/bugzilla/show_bug.cgi?id=23932.

Thank you for filing this bug report.  I am currently testing a fix for it.

> Can we get the corresponding CVE number for the two bugs reported?

Sorry - we do not allocate these numbers.  Normally they are automatically
allocated by the Mitre corporation, which regularly scans the binutils bugzilla
system for new bug reports.  You can find out more information here:


I should also note that it usually takes a couple of weeks between filing a bug
report in the binutils bugzilla system and a CVE number being allocated.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]