There's a large number of CVEs against binutils@2.28. Gentoo¹ has a nice
long list of the CVEs, and I've put together a patch to graft a
replacement, but I'm getting grafting errors:
ERROR: replacement length differs from the original length "h9nqlf0c82c1sds4yzs60k7pm4f37si2-binutils-2.28" "wl5dg3dnqvk2v2ahh5iadnv1s34rsbb6-binutils-2.28.1"

I've attached the patch in case anyone has any ideas on how to fix this.

¹ https://security.gentoo.org/glsa/201709-02

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted