Dear arms,


I hope this message finds you well.


I am writing to inquire about the issue of ARM gcc5 CVE-2023-4039. According to the advisory on GitHub (https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf), this bug affects versions from 5.4.0 to the trunk as of May 15, 2023.


However, I noticed that currently, patches are only provided for gcc7 and above, as per the information available on the ARM Security Center (https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64).


Given the potential impact of this vulnerability, I am particularly interested in a patch for gcc5. Could you please provide information on whether a patch for gcc5 is available or planned? If not, could you suggest any possible workarounds or mitigation strategies for systems that are currently using gcc5?


I appreciate your attention to this matter and look forward to your response.


Best regards,