Hi Everyone,
We are very sorry to have to report that a problem was found with the
GNU Binutils 2.36 release. It turns out that it contained a small
portion of code that was not covered by an FSF copyright assignment.
So we have created a replacement release - 2.36.1 - with that code
removed.
In addition we found that a fix for a theoretical security
vulnerability[1] was itself broken and could result in the archiver
program "ar" misbehaving. So we have chosen to revert the fix from
the 2.36.1 release whilst the problem is properly resolved.
The new release is available at the usual sites. Ie:
https://ftp.gnu.org/gnu/binutils
https://sourceware.org/pub/binutils/releases/
Cheers
Nick Clifton
GNU Binutils Chief Maintainer
[1]: CVE 2021-20197: https://sourceware.org/bugzilla/show_bug.cgi?id=26945
--
If you have a working or partly working program that you'd like
to offer to the GNU project as a GNU package,
see https://www.gnu.org/help/evaluation.html.
