https://sourceware.org/bugzilla/show_bug.cgi?id=23963
--- Comment #5 from Ben N <pajexali at gmail dot com> ---

(In reply to Nick Clifton from comment #3)
> (In reply to Ben N from comment #1)
> Hi Ben,
>
> Sorry for the delay. I have now applied an extended version of your
> patch, which should cover almost all of the symbols displayed by
> objdump. There is one place left where this kind of problem might
> still arise - the print_section_stabs() function - but I think that
> this will do for now.
>
> Cheers
> Nick

Thanks Nick.

As I couldn't find functionality in objdump that warranted the printing of control sequences, and readelf already mitigates this behaviour, I believe this to be a security vulnerability. The premise being, users of objdump assume analysing the binary causes nothing more than information to be displayed to screen, whereas the affected version allows the undefined treatment of control sequences to be abused to interact with the terminal and in some cases exploit VTE vulnerabilities.

Can you please let me know your thoughts on this? I would like to apply for a CVE and to notify pkg maintainers so this patch is backported.
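The mitigation the thread refers to (rendering non-printable bytes in symbol names as escapes, as readelf does, so a crafted binary cannot drive the terminal through the tool's output) can be illustrated in a few lines. This is an added, constructed example, not the binutils patch or binutils code; the function names and the sample symbol names are assumptions.

```python
"""Escape terminal control sequences in ELF symbol names before printing.

Constructed example (not the binutils patch): non-printable bytes in a
symbol name are rendered as \\xNN escapes instead of being written raw
to the terminal.
"""
from __future__ import annotations


def _decode(name: bytes) -> str:
    # Symbol names are nominally ASCII; accept valid UTF-8, otherwise map
    # each byte to one code point so that nothing is silently dropped.
    try:
        return name.decode("utf-8")
    except UnicodeDecodeError:
        return name.decode("latin-1")


def sanitize_symbol_name(name: bytes) -> str:
    """Return a printable rendering of a symbol name.

    C0 controls (ESC, BEL, TAB, ...), DEL, C1 controls (8-bit CSI 0x9b,
    OSC 0x9d, NEL 0x85, ...) and any other non-printable code point become
    \\xNN (or \\uNNNN) escapes. A literal backslash is doubled so the
    escaped form stays unambiguous.
    """
    out = []
    for ch in _decode(name):
        if ch == "\\":
            out.append("\\\\")
        elif ch.isprintable():
            out.append(ch)
        else:
            cp = ord(ch)
            out.append(f"\\x{cp:02x}" if cp < 0x100 else f"\\u{cp:04x}")
    return "".join(out)


def has_control_sequences(name: bytes) -> bool:
    """True if printing `name` raw could be interpreted by the terminal."""
    return any(not ch.isprintable() for ch in _decode(name))


def audit_symbols(names: list[bytes]) -> list[str]:
    """Sanitized names of the symbols that carry control characters."""
    return [sanitize_symbol_name(n) for n in names if has_control_sequences(n)]


if __name__ == "__main__":
    # Constructed symbol table: ordinary names, an ESC-led colour sequence,
    # an 8-bit CSI byte, and a UTF-8 encoded NEL (U+0085).
    SYMBOLS = [b"main", b"_start", b"\x1b[31mfake_main", b"\x9bHhidden",
               "caf\u00e9\u0085".encode("utf-8")]
    for flagged in audit_symbols(SYMBOLS):
        print(flagged)
```

Running the script prints only the three flagged names, each with its control bytes shown as escapes.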