Re: US-CERT Vulnerability Note VU#162289

2008-04-23 Thread Chad Dougherty
David Miller wrote: CERT is asking these vendors for "approval" for the text they will add mentioning anything about their product. That's the bit I'm talking about. They are getting protection and consideration that was not really afforded to GCC. CERT treated GCC differently. This is not t

Re: US-CERT Vulnerability Note VU#162289

2008-04-23 Thread Chad Dougherty
David Miller wrote: How, may I ask, did that policy apply to the GCC "vendor" when this all got started? Our own testing of multiple versions of gcc on multiple platforms and subsequent confirmation by Mark that it was intentional, desired behavior. This all occurred prior to even the initia

Re: US-CERT Vulnerability Note VU#162289

2008-04-23 Thread Chad Dougherty
Brad Roberts wrote: Additionally, the linked to notes for GCC are reflective of the original inaccuracies: http://www.kb.cert.org/vuls/id/CRDY-7DWKWM Vendor Statement No statement is currently available from the vendor regarding this vulnerability. US-CERT Addendum Vendors and developers

Re: US-CERT Vulnerability Note VU#162289

2008-04-23 Thread Chad Dougherty
Mark Mitchell wrote: However, I'm surprised that only GCC is listed as "vulnerable" at the bottom of the page. We've provided information about a lot of other compilers that do the same optimization. Why is the status for compilers from Microsoft, Intel, IBM, etc. listed as "Unknown" instead

Re: US-CERT Vulnerability Note VU#162289

2008-04-22 Thread Chad Dougherty
Joe Buck wrote: Thanks. I hope that you will correct the advisory promptly to avoid any implication that one should switch from GCC to a different compiler based on this issue, since we've already established that most of GCC's competitors perform similar optimizations under some circumstances (e