Bug 256133 - security/vuxml: Document excessive memory consumption vulnerability in binutils
Summary: security/vuxml: Document excessive memory consumption vulnerability in binutils
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Fernando Apesteguía
URL:
Keywords: easy
Depends on:
Blocks: 251385 255368
  Show dependency treegraph
 
Reported: 2021-05-24 20:03 UTC by Yasuhiro Kimura
Modified: 2021-08-18 06:17 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (ports-secteam)


Attachments
Patch file (1.94 KB, patch)
2021-05-24 20:03 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.94 KB, patch)
2021-05-25 18:21 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.92 KB, patch)
2021-05-26 05:08 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.93 KB, patch)
2021-05-27 01:50 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.95 KB, patch)
2021-05-27 09:12 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.93 KB, patch)
2021-06-01 07:26 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.93 KB, patch)
2021-06-01 15:35 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.92 KB, patch)
2021-06-01 15:58 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.93 KB, patch)
2021-06-02 01:18 UTC, Yasuhiro Kimura
fluffy: maintainer-approval+
Details | Diff
Updated patch file (1.94 KB, patch)
2021-06-02 19:07 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.94 KB, patch)
2021-06-03 09:38 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.97 KB, application/mbox)
2021-06-05 05:52 UTC, Yasuhiro Kimura
no flags Details
Updated patch file (1.96 KB, patch)
2021-06-10 19:31 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.93 KB, patch)
2021-06-11 18:33 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.92 KB, patch)
2021-06-16 10:27 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.93 KB, patch)
2021-06-20 17:31 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.76 KB, patch)
2021-08-11 00:32 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.78 KB, patch)
2021-08-13 11:03 UTC, Yasuhiro Kimura
no flags Details | Diff
Updated patch file (1.83 KB, patch)
2021-08-16 22:21 UTC, Yasuhiro Kimura
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Yasuhiro Kimura 2021-05-24 20:03:26 UTC
Created attachment 225232 [details]
Patch file

Document excessive memory consumption vulnerability in binutils.
Comment 1 Yasuhiro Kimura 2021-05-25 18:21:54 UTC
Created attachment 225257 [details]
Updated patch file

Chase update of ports tree.
Comment 2 Yasuhiro Kimura 2021-05-26 05:08:31 UTC
Created attachment 225267 [details]
Updated patch file

Chase update of ports tree.
Comment 3 Yasuhiro Kimura 2021-05-27 01:50:10 UTC
Created attachment 225297 [details]
Updated patch file

Chase update of ports tree.
Comment 4 Yasuhiro Kimura 2021-05-27 09:12:15 UTC
Created attachment 225303 [details]
Updated patch file

Chase update of ports tree.
Comment 5 Yasuhiro Kimura 2021-06-01 07:26:58 UTC
Created attachment 225440 [details]
Updated patch file

Chase update of ports tree.
Comment 6 Yasuhiro Kimura 2021-06-01 15:35:59 UTC
Created attachment 225460 [details]
Updated patch file

Chase update of ports tree.
Comment 7 Yasuhiro Kimura 2021-06-01 15:58:59 UTC
Created attachment 225462 [details]
Updated patch file

Chase update of ports tree.
Comment 8 Yasuhiro Kimura 2021-06-02 01:18:54 UTC
Created attachment 225485 [details]
Updated patch file

Chase update of ports tree.
Comment 9 Dima Panov freebsd_committer 2021-06-02 06:50:24 UTC
Comment on attachment 225485 [details]
Updated patch file

Ship it!
Comment 10 Yasuhiro Kimura 2021-06-02 19:07:02 UTC
Created attachment 225507 [details]
Updated patch file

Chase update of ports tree.
Comment 11 Yasuhiro Kimura 2021-06-03 09:38:28 UTC
Created attachment 225521 [details]
Updated patch file

Chase update of ports tree.
Comment 12 Yasuhiro Kimura 2021-06-05 05:52:23 UTC
Created attachment 225561 [details]
Updated patch file

Chase update of ports tree.
Comment 13 Yasuhiro Kimura 2021-06-10 19:31:05 UTC
Created attachment 225715 [details]
Updated patch file

Chase update of ports tree.
Comment 14 Yasuhiro Kimura 2021-06-11 18:33:23 UTC
Created attachment 225744 [details]
Updated patch file

Chase update of ports tree.
Comment 15 Yasuhiro Kimura 2021-06-16 10:27:50 UTC
Created attachment 225855 [details]
Updated patch file

Chase update of ports tree.
Comment 16 Yasuhiro Kimura 2021-06-20 17:31:15 UTC
Created attachment 225953 [details]
Updated patch file

Chase update of ports tree.
Comment 17 Yasuhiro Kimura 2021-08-11 00:32:39 UTC
Created attachment 227099 [details]
Updated patch file

* Chase update of ports tree.
* Update range as devel/binutils is updated to 2.37.
Comment 18 Kubilay Kocak freebsd_committer freebsd_triage 2021-08-11 01:30:21 UTC
@ports-secteam could this be committed please
Comment 19 Fernando Apesteguía freebsd_committer 2021-08-11 08:08:05 UTC
(In reply to Kubilay Kocak from comment #18)
fluffy@ approved this in comment #9 he is a member of ports-secteam@

I think we can commit this.
Comment 20 Yasuhiro Kimura 2021-08-13 11:03:04 UTC
Created attachment 227158 [details]
Updated patch file

* Chase update of ports tree.
* Update range as bug #255368 will be committed to 2021Q3 branch.
Comment 21 Yasuhiro Kimura 2021-08-16 22:21:49 UTC
Created attachment 227255 [details]
Updated patch file

Chase update of ports tree.
Comment 22 commit-hook freebsd_committer 2021-08-18 06:17:08 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=2a99b5e684733568e6e532c434c0b43767168d3e

commit 2a99b5e684733568e6e532c434c0b43767168d3e
Author:     Yasuhiro Kimura <yasu@utahime.org>
AuthorDate: 2021-08-18 06:05:28 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2021-08-18 06:10:16 +0000

    security/vuxml: Excessive memory consumption vulnerability in binutils

    Fixed in main a0e752df8013 and in 2021Q3 in 9c4ee12.

    PR:     256133
    Reviewed by:    fluffy@, koobs@
    Security:       CVE-2021-3487

 security/vuxml/vuln-2021.xml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
Comment 23 Fernando Apesteguía freebsd_committer 2021-08-18 06:17:40 UTC
Committed,

Thanks!