Landing: e1428067748d

← All landings

Project / Subsystem

binutils / binutils

Date

2026-05-07

Author

Nick Clifton <nickc@sourceware.org>

Commit

e1428067748d6b713637241855d1c315fb657c8b

Source

public_inbox

Perf win

No

Breaking

No

View on GitHub →

All attributes

project: binutils
subsystem: binutils
patch_id: —
commit_hash: e1428067748d6b713637241855d1c315fb657c8b
source_type: public_inbox
headline: Update the SECURITY.txt document to clarify security compromise
tldr: Clarifies the definition of a security bug in binutils, focusing on direct compromises and vulnerabilities introduced into generated output.
author: Nick Clifton <nickc@sourceware.org>
outcome: committed
performance_win: false
breaking_change: false
series_id: —
series_parts: []
tags: • security
• policy
• binutils
discussion_id_link: —
bugzilla_pr: —
url: https://inbox.sourceware.org/binutils-cvs/20260507095530.491A34BA2E10@sourceware.org
date: 2026-05-07T00:00:00.000Z

The SECURITY.txt document for binutils was updated to clarify what constitutes a security bug. The update emphasizes that a security bug involves either a direct compromise of security (allowing elevated permissions) or the introduction of a vulnerability in the generated output that wasn’t present in the input. It also highlights that bugs relying on untrusted input must cross a trust boundary to be considered security issues. These changes provide clearer guidelines for reporting and handling security-related issues in binutils.