Pkgs

gcc

Version: 15.2.0

No description available.

Install package

min add gcc

Compiler

Updated 6 days ago

Spec hash: 3d8a70b3…057d
Built from: Source
Source archive: Mirrored
Source archive SHA256: 438fd996…d24e
Dependencies: 23 build · 5 runtime

Quick links

[ Docs ] [ Changelog ] [ Repo ] [ Security ] [ SBOM ]

What is gcc?

No description available.

How to use this package

Quick install

Installs the package into the current environment for this session. Use --build or --runtime to persist it as a build-time or runtime dependency.

min add gcc

Declare as a task dependency in minimal.toml

Listing the package under tasks.<name>.packages makes it available inside that task’s sandbox.

[tasks.dev]
packages = ["gcc"]

Build-time vs runtime

Choose build-time for tools needed during compilation, runtime for dynamic libraries loaded at runtime.

min add --build gcc
min add --runtime gcc

Dependencies (22)

Dependencies
Name	Version	Kind
bash-bootstrap	5.3	build
binutils	2.46.1	build
bzip2	1.0.8	build
coreutils	9.11	build
diffutils	3.12	build
file	5.47	build
findutils	4.10.0	build
gawk-bootstrap	5.3.2	build
glibc CVE:3	2.42	build
gmp	6.3.0	build + runtime
grep	3.12	build
gzip	1.14	build
linux_headers	6.12.43	build
make	4.4.1	build
mpc	1.4.0	build + runtime
mpfr	4.2.2	build + runtime
perl	5.42.0	build
sed	4.9	build
tar	1.35	build
xz	5.8.3	build
zlib	1.3.2	build + runtime
zstd	1.5.7	build + runtime

Dependants (30)

Dependants
Name	Version
acl	2.3.2
attr	2.5.2
bash	5.3
bash-bootstrap	5.3
binutils	2.46.1
chromium-bin	147.0.7727.15
chromium-headless-shell-bin	147.0.7727.15
coreutils	9.11
diffutils	3.12
findutils	4.10.0
glibc CVE:3	2.42
gmp	6.3.0
grep	3.12
helix	25.07.1
hex-patch	1.12.5
linux_headers	6.12.43
make	4.4.1
mpc	1.4.0
mpfr	4.2.2
nginx	1.30.0
nushell	0.110.0
pcre2	10.47
perl	5.42.0
redis CVE:8	8.6.4
sed	4.9
toolchain	—
uv	0.11.19
z3	4.16.0
zellij	0.43.1
zstd	1.5.7

Include transitive

Showing 4 advisories, 3 of which are transitive via gcc's dependencies

Security advisories for this package
	Status	IDs	Package	Version	Severity	Published
Critical ( 0 )
High ( 3 )
	Affected: 2.42	CVE-2025-15281	glibc	`2.42`	High: 7.5	5 months ago
Summary No summary published for this advisory. Via: gmp glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` References Advisory: http://www.openwall.com/lists/oss-security/2026/01/20/3 Fix: https://sourceware.org/bugzilla/show_bug.cgi?id=33814
	Affected: 2.42	CVE-2026-0915	glibc	`2.42`	High: 7.5	5 months ago
Summary No summary published for this advisory. Via: gmp glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N` References Report: https://sourceware.org/bugzilla/show_bug.cgi?id=33802 ARTICLE: http://www.openwall.com/lists/oss-security/2026/01/16/6
	Affected: 2.42	CVE-2026-0861	glibc	`2.42`	High: 8.4	5 months ago
Summary No summary published for this advisory. Via: gmp glibc Affected ranges `2.42` CVSS vector: `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H` References Fix: https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001 , http://www.openwall.com/lists/oss-security/2026/01/16/5 Evidence: https://sourceware.org/bugzilla/show_bug.cgi?id=33796
Medium ( 1 )
	Affected: 15.2.0	CVE-2023-4039	gcc	`15.2.0`	Medium: 4.8	3 years ago
Summary DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. Affected ranges `15.2.0` CVSS vector: `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N`
Low ( 0 )
Unknown ( 0 )

43 components

Software Bill of Materials — every package this build depends on
Packages	Version	Repository	Licence
gcc ROOT	15.2.0	www.gnu.org/software/gcc	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
acl	2.3.2	https://storage.googleapis.com/minimal-staging-archives/acl-2.3.2.tar.xz MIRROR	(GPL-2.0-only AND LGPL-2.1-only)
attr	2.5.2	https://storage.googleapis.com/minimal-staging-archives/attr-2.5.2.tar.gz MIRROR	(GPL-2.0-only AND LGPL-2.1-only)
bash	5.3	www.gnu.org/software/bash	GPL-3.0-only
bash-bootstrap	5.3	https://storage.googleapis.com/minimal-staging-archives/bash-5.3.tar.gz MIRROR	GPL-3.0-only
binutils	2.46.1	www.gnu.org/software/binutils	(GPL-2.0-only AND GPL-3.0-only AND LGPL-2.0-only)
bison	3.8.2	www.gnu.org/software/bison	GPL-3.0-only
bzip2	1.0.8	github.com/libarchive/bzip2	bzip2-1.0.6
coreutils	9.11	www.gnu.org/software/coreutils	GPL-3.0-only
diffutils	3.12	www.gnu.org/software/diffutils	GPL-3.0-only
expat	2.7.5	github.com/libexpat/libexpat	MIT
file	5.47	https://storage.googleapis.com/minimal-staging-archives/file-5.47.tar.gz MIRROR	BSD-2-Clause-Darwin
findutils	4.10.0	https://storage.googleapis.com/minimal-staging-archives/findutils-4.10.0.tar.xz MIRROR	GPL-3.0-only
flex	2.6.4	github.com/westes/flex	BSD-3-Clause-flex
gawk	5.4.0	www.gnu.org/software/gawk	GPL-3.0-only
gawk-bootstrap	5.3.2	https://storage.googleapis.com/minimal-staging-archives/gawk-5.3.2.tar.xz MIRROR	GPL-3.0-only
gdbm	1.26	www.gnu.org/software/gdbm	GPL-3.0-only
glibc	2.42	www.gnu.org/software/glibc	(GPL-2.0-only AND LGPL-2.1-only)
gmp	6.3.0	www.gnu.org/software/gmp	LGPL-3.0-or-later OR GPL-2.0-or-later
grep	3.12	www.gnu.org/software/grep	GPL-3.0-only
gzip	1.14	www.gnu.org/software/gzip	GPL-3.0-only
libcap	2.78	https://storage.googleapis.com/minimal-staging-archives/libcap-2.78.tar.xz MIRROR	BSD-3-Clause OR GPL-2.0-only
libffi	3.5.2	github.com/libffi/libffi	MIT
linux_headers	6.12.43	github.com/torvalds/linux	GPL-2.0-only WITH Linux-syscall-note
lz4	1.10.0	github.com/lz4/lz4	BSD-2-Clause AND GPL-2.0-or-later
m4	1.4.21	www.gnu.org/software/m4	GPL-3.0-only
make	4.4.1	www.gnu.org/software/make	GPL-3.0-only
mpc	1.4.0	www.gnu.org/software/mpc	LGPL-3.0-or-later
mpfr	4.2.2	www.gnu.org/software/mpfr	GPL-3.0-only
ncurses	6.5-20250830	www.gnu.org/software/ncurses	X11-distribute-modifications-variant
openssl	3.6.2	github.com/openssl/openssl	Apache-2.0
pcre2	10.47	github.com/PCRE2Project/pcre2	BSD-3-Clause WITH PCRE2-exception
perl	5.42.0	github.com/Perl/perl5	Artistic-1.0-Perl OR GPL-1.0-or-later
pkgconf	2.5.1	github.com/pkgconf/pkgconf	pkgconf
python	3.14.5	github.com/python/cpython	Python-2.0.1
readline	8.3	www.gnu.org/software/readline	GPL-3.0-only
sed	4.9	www.gnu.org/software/sed	GPL-3.0-only
sqlite	3.50.4	github.com/sqlite/sqlite	blessing
tar	1.35	www.gnu.org/software/tar	GPL-3.0-only
util-linux	2.42.1	github.com/util-linux/util-linux	GPL-2.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause
xz	5.8.3	github.com/tukaani-project/xz	(0BSD AND GPL-2.0-only AND GPL-3.0-only AND LGPL-2.1-only)
zlib	1.3.2	github.com/madler/zlib	Zlib
zstd	1.5.7	github.com/facebook/zstd	BSD-3-Clause OR GPL-2.0-only

View packages at a commit

gcc

Install package

Quick links

What is gcc?

How to use this package

Quick install

Declare as a task dependency in minimal.toml

Build-time vs runtime

Dependencies (22)

Dependants (30)

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

References

Summary

Affected ranges

43 components

Join the waitlist

Check your email