More information about this security flaw is available in the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=2342875
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
I would like to contest reopening this bug. First of all, the SECURITY.txt document that ships as part of the binutils sources makes it clear that bugs in inspection tools like objdump are not considered to be security issues as they cannot affect the generation of good binaries. Second of all, the CVE suggests that this flaw can be triggered remotely, but it is hard to see how this is possible. The objdump program has no network connectivity, and I fail to see how a remote attack could make use of it. Finally, all that the flaw can do is to cause the objdump program to fail with an illegal memory access. Since the program is not intended to remain in-memory or provide any kind of service, having it terminate will not affect any other process or user.
I am going to close this BZ. I feel that the bug does not really meet the criteria for a CVE. Or at least a CVE that needs to be fixed here. The current rawhide binutils include that patch that fixes the bug, and I do not feel that it is worth backporting the patch to other Fedora releases since the problem can only be triggered by corrupt input, not valid files.