On Fri, Jan 09, 2015 at 06:52:59AM -0700, Troy Heber wrote:
> It looks like the older version that we are shipping Debian is not affected by
> this CVE, running dwarfdump on the "odd elf" file under valgrind does not
> report any read after free errors:
Thanks, I'll update the security tracker.
C
It looks like the older version that we are shipping Debian is not affected by
this CVE, running dwarfdump on the "odd elf" file under valgrind does not
report any read after free errors:
user@host:~$ valgrind /usr/bin/dwarfdump ~/dlf/x/a.out
==19388== Memcheck, a memory error detector
==193
On 01/08/15 19:56, Moritz Mühlenhoff wrote:
> since jessie is frozen, only a targeted security fix
> would be allowed by the release team anyway. Can you
> please prepare one?
I know but was waiting for upstream to feel comfortable enough with
the fix to push the release while also working on bac
On Tue, Jan 06, 2015 at 01:13:25PM -0700, Troy Heber wrote:
> tag upstream
> thanks
>
> Upstream has pushed patches to the repo but has not yet done a release
> yet.
Hi,
since jessie is frozen, only a targeted security fix
would be allowed by the release team anyway. Can you
please prepare one?
tag upstream
thanks
Upstream has pushed patches to the repo but has not yet done a release
yet.
Troy
signature.asc
Description: Digital signature
Package: dwarfutils
Severity: important
Tags: security
Justification: user security hole
Please see http://www.openwall.com/lists/oss-security/2014/12/31/3
for details.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe".
6 matches
Mail list logo
