Bug 255368 - devel/binutils: CVE-2021-3487
Summary: devel/binutils: CVE-2021-3487
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: freebsd-ports-bugs (Nobody)
URL: https://nvd.nist.gov/vuln/detail/CVE-...
Keywords: needs-patch, needs-qa, security
Depends on: 251385
Blocks:
  Show dependency treegraph
 
Reported: 2021-04-24 18:01 UTC by Daniel Engberg
Modified: 2021-05-24 20:07 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (jflopezfernandez)
koobs: merge-quarterly?


Attachments
Patch file (3.28 KB, patch)
2021-05-24 20:07 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Engberg 2021-04-24 18:01:33 UTC
https://nvd.nist.gov/vuln/detail/CVE-2021-3487
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-04-25 00:39:36 UTC
Thanks for these reports Daniel. 

For future security reports, please include/add the relevent main reference to the URL field, and use title format:

  cat/port: Update to <version> (fixes security vulnerability: <cve>)
Comment 2 Yasuhiro Kimura 2021-05-24 20:07:55 UTC
Created attachment 225233 [details]
Patch file

Add upstream patch to fix CVE-2021-3487.

Bug #256133 describes vulnerability fixed with this patch. So please commit it together.