Bug 256133

Summary: security/vuxml: Document excessive memory consumption vulnerability in binutils
Product: Ports & Packages
Reporter: Yasuhiro Kimura <yasu>
Component: Individual Port(s)
Assignee: Fernando Apesteguía <fernape>
Status: Closed FIXED
Severity: Affects Many People
CC: chris, fernape, fluffy
Priority: Normal
Keywords: easy
Version: Latest
Flags: bugzilla: maintainer-feedback? (ports-secteam)
Hardware: Any
OS: Any
Bug Depends on:
Bug Blocks: 251385, 255368
Attachments:
Description          Flags
Patch file           none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   fluffy: maintainer-approval+
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none
Updated patch file   none

Description Yasuhiro Kimura freebsd_committer 2021-05-24 20:03:26 UTC
Created attachment 225232 [details]
Patch file

Document excessive memory consumption vulnerability in binutils.
Comment 1 Yasuhiro Kimura freebsd_committer 2021-05-25 18:21:54 UTC
Created attachment 225257 [details]
Updated patch file

Chase update of ports tree.
Comment 2 Yasuhiro Kimura freebsd_committer 2021-05-26 05:08:31 UTC
Created attachment 225267 [details]
Updated patch file

Chase update of ports tree.
Comment 3 Yasuhiro Kimura freebsd_committer 2021-05-27 01:50:10 UTC
Created attachment 225297 [details]
Updated patch file

Chase update of ports tree.
Comment 4 Yasuhiro Kimura freebsd_committer 2021-05-27 09:12:15 UTC
Created attachment 225303 [details]
Updated patch file

Chase update of ports tree.
Comment 5 Yasuhiro Kimura freebsd_committer 2021-06-01 07:26:58 UTC
Created attachment 225440 [details]
Updated patch file

Chase update of ports tree.
Comment 6 Yasuhiro Kimura freebsd_committer 2021-06-01 15:35:59 UTC
Created attachment 225460 [details]
Updated patch file

Chase update of ports tree.
Comment 7 Yasuhiro Kimura freebsd_committer 2021-06-01 15:58:59 UTC
Created attachment 225462 [details]
Updated patch file

Chase update of ports tree.
Comment 8 Yasuhiro Kimura freebsd_committer 2021-06-02 01:18:54 UTC
Created attachment 225485 [details]
Updated patch file

Chase update of ports tree.
Comment 9 Dima Panov freebsd_committer 2021-06-02 06:50:24 UTC
Comment on attachment 225485 [details]
Updated patch file

Ship it!
Comment 10 Yasuhiro Kimura freebsd_committer 2021-06-02 19:07:02 UTC
Created attachment 225507 [details]
Updated patch file

Chase update of ports tree.
Comment 11 Yasuhiro Kimura freebsd_committer 2021-06-03 09:38:28 UTC
Created attachment 225521 [details]
Updated patch file

Chase update of ports tree.
Comment 12 Yasuhiro Kimura freebsd_committer 2021-06-05 05:52:23 UTC
Created attachment 225561 [details]
Updated patch file

Chase update of ports tree.
Comment 13 Yasuhiro Kimura freebsd_committer 2021-06-10 19:31:05 UTC
Created attachment 225715 [details]
Updated patch file

Chase update of ports tree.
Comment 14 Yasuhiro Kimura freebsd_committer 2021-06-11 18:33:23 UTC
Created attachment 225744 [details]
Updated patch file

Chase update of ports tree.
Comment 15 Yasuhiro Kimura freebsd_committer 2021-06-16 10:27:50 UTC
Created attachment 225855 [details]
Updated patch file

Chase update of ports tree.
Comment 16 Yasuhiro Kimura freebsd_committer 2021-06-20 17:31:15 UTC
Created attachment 225953 [details]
Updated patch file

Chase update of ports tree.
Comment 17 Yasuhiro Kimura freebsd_committer 2021-08-11 00:32:39 UTC
Created attachment 227099 [details]
Updated patch file

* Chase update of ports tree.
* Update range as devel/binutils is updated to 2.37.
Comment 18 Kubilay Kocak freebsd_committer freebsd_triage 2021-08-11 01:30:21 UTC
@ports-secteam, could this be committed please?
Comment 19 Fernando Apesteguía freebsd_committer 2021-08-11 08:08:05 UTC
(In reply to Kubilay Kocak from comment #18)
fluffy@ approved this in comment #9; he is a member of ports-secteam@.

I think we can commit this.
Comment 20 Yasuhiro Kimura freebsd_committer 2021-08-13 11:03:04 UTC
Created attachment 227158 [details]
Updated patch file

* Chase update of ports tree.
* Update range as bug #255368 will be committed to 2021Q3 branch.
Comment 21 Yasuhiro Kimura freebsd_committer 2021-08-16 22:21:49 UTC
Created attachment 227255 [details]
Updated patch file

Chase update of ports tree.
Comment 22 commit-hook freebsd_committer 2021-08-18 06:17:08 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2a99b5e684733568e6e532c434c0b43767168d3e

commit 2a99b5e684733568e6e532c434c0b43767168d3e
Author:     Yasuhiro Kimura <yasu@utahime.org>
AuthorDate: 2021-08-18 06:05:28 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2021-08-18 06:10:16 +0000

    security/vuxml: Excessive memory consumption vulnerability in binutils

    Fixed in main a0e752df8013 and in 2021Q3 in 9c4ee12.

    PR:     256133
    Reviewed by:    fluffy@, koobs@
    Security:       CVE-2021-3487

 security/vuxml/vuln-2021.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 23 Fernando Apesteguía freebsd_committer 2021-08-18 06:17:40 UTC
Committed,

Thanks!