On Mon, Oct 23, 2023 at 7:54 PM 老小孩老小孩 <arab...@126.com> wrote: > > Dear arms, > > I hope this message finds you well. > > I am writing to inquire about the issue of ARM gcc5 CVE-2023-4039. According > to the advisory on GitHub > (https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf), > this bug affects versions from 5.4.0 to the trunk as of May 15, 2023. > > However, I noticed that currently, patches are only provided for gcc7 and > above, as per the information available on the ARM Security Center > (https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64). > > Given the potential impact of this vulnerability, I am particularly > interested in a patch for gcc5. Could you please provide information on > whether a patch for gcc5 is available or planned? If not, could you suggest > any possible workarounds or mitigation strategies for systems that are > currently using gcc5? > > I appreciate your attention to this matter and look forward to your response.
THIS should NEVER have been a security CVE in the first place. This is not a security issue with any correct code that GCC will process. GCC does not consider this a security issue according to its security policy. See the "Security features implemented in GCC" section of https://gcc.gnu.org/git/?p=gcc.git;a=blob_plain;f=SECURITY.txt;hb=HEAD for more information on that policy. Thanks, Andrew Pinski > > Best regards,