Created attachment 225232 [details] Patch file Document excessive memory consumption vulnerability in binutils.
Created attachment 225257 [details] Updated patch file Chase update of ports tree.
Created attachment 225267 [details] Updated patch file Chase update of ports tree.
Created attachment 225297 [details] Updated patch file Chase update of ports tree.
Created attachment 225303 [details] Updated patch file Chase update of ports tree.
Created attachment 225440 [details] Updated patch file Chase update of ports tree.
Created attachment 225460 [details] Updated patch file Chase update of ports tree.
Created attachment 225462 [details] Updated patch file Chase update of ports tree.
Created attachment 225485 [details] Updated patch file Chase update of ports tree.
Comment on attachment 225485 [details] Updated patch file Ship it!
Created attachment 225507 [details] Updated patch file Chase update of ports tree.
Created attachment 225521 [details] Updated patch file Chase update of ports tree.
Created attachment 225561 [details] Updated patch file Chase update of ports tree.
Created attachment 225715 [details] Updated patch file Chase update of ports tree.
Created attachment 225744 [details] Updated patch file Chase update of ports tree.
Created attachment 225855 [details] Updated patch file Chase update of ports tree.
Created attachment 225953 [details] Updated patch file Chase update of ports tree.
Created attachment 227099 [details] Updated patch file * Chase update of ports tree. * Update range as devel/binutils is updated to 2.37.
@ports-secteam could this be committed please
(In reply to Kubilay Kocak from comment #18) fluffy@ approved this in comment #9 he is a member of ports-secteam@ I think we can commit this.
Created attachment 227158 [details] Updated patch file * Chase update of ports tree. * Update range as bug #255368 will be committed to 2021Q3 branch.
Created attachment 227255 [details] Updated patch file Chase update of ports tree.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=2a99b5e684733568e6e532c434c0b43767168d3e commit 2a99b5e684733568e6e532c434c0b43767168d3e Author: Yasuhiro Kimura <yasu@utahime.org> AuthorDate: 2021-08-18 06:05:28 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2021-08-18 06:10:16 +0000 security/vuxml: Excessive memory consumption vulnerability in binutils Fixed in main a0e752df8013 and in 2021Q3 in 9c4ee12. PR: 256133 Reviewed by: fluffy@, koobs@ Security: CVE-2021-3487 security/vuxml/vuln-2021.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+)
Committed, Thanks!