- strip: heap-buffer-overflow [PR #29482] (CVE-2022-38533) - libiberty: prevent buffer overflow when decoding user input (CVE-2021-3826)