* Harry Sintonen <sinto...@iki.fi>, 2012-01-31, 01:42:
-D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417This makes current sid package (1.8.3p1-3) safe.
Maybe. Maybe not. There are known ways of exploiting string format vulnerabilities even with -D_FORTIFY_SOURCE=2.
-- Jakub Wilk -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
