From: Luis Machado
Date: Tue, 5 Apr 2022 14:56:13 +0100
To: binutils@sourceware.org, "gdb@sourceware.org", gcc@gcc.gnu.org
Subject: [CVE] zlib (< 1.2.12) memory corruption

Hi,

There
is a CVE [1] for zlib < 1.2.12 (released March 27th). GCC currently uses zlib 1.2.11, and binutils-gdb imports the zlib directory from GCC. The recommendation is to get it updated to 1.2.12, which contains the proper fix [2].

It might not affect gcc/binutils/gdb since the code doesn't seem to be using the problematic option Z_FIXED, but it seems like a good idea to consider bumping the version of zlib we use.

[1] https://nvd.nist.gov/vuln/detail/CVE-2018-25032
[2] https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
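The two checks the message relies on (which zlib version a tree bundles, and whether any caller passes Z_FIXED) can be run over a source checkout. This is an added example, not part of the original message or of any GCC/binutils-gdb tooling; the function names and the sample directory layout are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED_IN = (1, 2, 12)  # first fixed release, as stated in the message
VERSION_RE = re.compile(r'#\s*define\s+ZLIB_VERSION\s+"([0-9.]+)')
SOURCE_SUFFIXES = {".c", ".cc", ".cpp", ".h", ".hpp"}

def parse_version(text):
    """Return the ZLIB_VERSION found in a zlib.h as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None

def audit_tree(root):
    """Report bundled zlib copies older than FIXED_IN and Z_FIXED users outside them."""
    root = Path(root)
    bundled = {}  # directory holding zlib.h -> version tuple
    for header in root.rglob("zlib.h"):
        version = parse_version(header.read_text(errors="replace"))
        if version is not None:
            bundled[header.parent] = version
    z_fixed_users = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        if any(d == path.parent or d in path.parent.parents for d in bundled):
            continue  # zlib's own sources define Z_FIXED; only callers matter
        if re.search(r"\bZ_FIXED\b", path.read_text(errors="replace")):
            z_fixed_users.append(path.relative_to(root).as_posix())
    outdated = {d.relative_to(root).as_posix(): v
                for d, v in bundled.items() if v < FIXED_IN}
    return outdated, z_fixed_users

def build_sample_tree(root):
    """Constructed sample layout: one bundled zlib and two hypothetical callers."""
    root = Path(root)
    (root / "zlib").mkdir()
    (root / "zlib" / "zlib.h").write_text(
        '#define ZLIB_VERSION "1.2.11"\n#define Z_FIXED 4\n')
    (root / "tool").mkdir()
    (root / "tool" / "compress.c").write_text("deflateInit(&s, 9);\n")
    (root / "tool" / "pack.c").write_text(
        "deflateInit2(&s, 6, Z_DEFLATED, 15, 8, Z_FIXED);\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        outdated, users = audit_tree(tmp)
        print("bundled zlib older than 1.2.12:", outdated)
        print("files referencing Z_FIXED:", users)
```

An empty Z_FIXED list only means no direct textual reference was found; a system zlib linked at build time is not covered by this source scan.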