[Bug 2054343] Re: CVE-2023-4039: ARM64 GCC

Mauricio Faria de Oliveira 2054343 at bugs.launchpad.net
Mon Jun 10 15:06:33 UTC 2024 

Similarly for gcc-10 (10.5.0-4 in Noble/Oracular).

gcc-10 (10.5.0-4) unstable; urgency=medium

  * Fix ftbfs on AArch64 in previous upload.

gcc-10 (10.5.0-3) unstable; urgency=medium

  * Address stack protector and stack clash protection weaknesses
    on AArch64. CVE-2023-4039. Taken from the gcc-11 branch.

$ rmadison -a source gcc-10
 gcc-10 | 10-20200411-0ubuntu1  | focal                   | source
 gcc-10 | 10.3.0-15ubuntu1      | jammy/universe          | source
 gcc-10 | 10.5.0-1ubuntu1~20.04 | focal-security          | source
 gcc-10 | 10.5.0-1ubuntu1~20.04 | focal-updates           | source
 gcc-10 | 10.5.0-1ubuntu1~22.04 | jammy-security/universe | source
 gcc-10 | 10.5.0-1ubuntu1~22.04 | jammy-updates/universe  | source
 gcc-10 | 10.5.0-1ubuntu1       | mantic/universe         | source
 gcc-10 | 10.5.0-4ubuntu2       | noble/universe          | source
 gcc-10 | 10.5.0-4ubuntu2       | oracular/universe       | source

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-10 in Ubuntu.
https://bugs.launchpad.net/bugs/2054343

Title:
  CVE-2023-4039: ARM64 GCC

Status in gcc-10 package in Ubuntu:
  Fix Released
Status in gcc-11 package in Ubuntu:
  Fix Released
Status in gcc-12 package in Ubuntu:
  Fix Released
Status in gcc-13 package in Ubuntu:
  Fix Released
Status in gcc-9 package in Ubuntu:
  Fix Released
Status in gcc-10 source package in Focal:
  Triaged
Status in gcc-9 source package in Focal:
  Triaged
Status in gcc-10 source package in Jammy:
  Triaged
Status in gcc-11 source package in Jammy:
  Triaged
Status in gcc-12 source package in Jammy:
  Triaged
Status in gcc-9 source package in Jammy:
  Triaged
Status in gcc-10 source package in Noble:
  Fix Released
Status in gcc-11 source package in Noble:
  Fix Committed
Status in gcc-12 source package in Noble:
  Fix Released
Status in gcc-13 source package in Noble:
  Fix Released

Bug description:
  See
  https://launchpad.net/ubuntu/+source/gcc-10/10.5.0-3ubuntu1/+build/27746786/+files/buildlog_ubuntu-
  noble-arm64.gcc-10_10.5.0-3ubuntu1_BUILDING.txt.gz

  The above build is supposed to address
  https://nvd.nist.gov/vuln/detail/CVE-2023-4039

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gcc-10/+bug/2054343/+subscriptions

More information about the foundations-bugs mailing list