RedHat has issued an advisory today (November 1): https://access.redhat.com/errata/RHSA-2021:4033 Mageia 8 is also affected.
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29616
Assigning to the base system maintainers, CC'ing the registered maintainer
Assignee: bugsquad => basesystemCC: (none) => marja11, tmb
Why have you mentioned binutils and rust only? This security problem affects all programming languages. Some other discussions and patches: GCC: https://gcc.gnu.org/pipermail/gcc-patches/2021-November/583031.html (implements -Wbidirectional that probably should be enabled by default?) LLVM/CLANG: https://reviews.llvm.org/D112913 (looks like adding specific check to clang-tydy?) Python: https://www.mail-archive.com/python-dev@python.org/msg114237.html (additional PEP?)
CC: (none) => olelukoie
yes seems that this CVE touches a lot of packages/Languages
CC: (none) => mageia
I've only filed bugs for things I was aware of. Feel free to file bugs on the other affected packages. Not all bugs have to filed by me.
it seems quite difficult to find all. As David said, don't hesitate to open bugreports ( or add here ) for more infos about this CVE
Let's keep this bug about binutils, but please feel free to file separate bugs for the other affected packages.
(In reply to David Walser from comment #6) > file separate bugs for the other affected packages. All programming languages, code editors and IDEs with Unicode's bidi support (i.e. just all) are affected so there is no sense to create separate bug reports. May be it's better to create a common bug report with a list of obvious well known affected packages and then adding separate reports for non-obvious ones as it's "Blocks"/"Depends on" "children"...
Ultimately the bug reports are only going to be useful if we can do something with them, i.e. if the software in question actually has a fix available, so we can wait until that happens before filing additional bugs.
RedHat has issued an advisory for this today (November 10): https://access.redhat.com/errata/RHSA-2021:4595
Whiteboard: (none) => MGA8TOO
RH have common bug report for all affected tools with references for all available advisories and patches (including binutils, GCC & Rust): https://bugzilla.redhat.com/show_bug.cgi?id=2005819
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=29820
fixed in cauldron since binutils 2.38
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8
Mageia 8 EOL
CC: (none) => nicolas.salgueroStatus: NEW => RESOLVEDResolution: (none) => OLD