Hello,

We've observed while working on CVE-2023-25586 that the binutils 2.38 has its last update on 08/2022.
Does this branch is still under maintenance/support by binutils? And is there any plan to fix the CVE-2023-25586 for 2.38 branch? (This CVE is fixed in 2.40 and when we tried to backport we've noticed it has a lot of dependencies to take.)

In general, how long a branch will be maintained and updated by binutils?



Thanks,
Sundeep.