[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is Debian affected by the recent MySQL sql/password.c flow?


Since it has been made public, I believe it's ok to discuss it in
-devel. I came across this:

Is the Squeeze version affected? And SID? By reading it, especially the
end about GCC, it's unclear to me if we need an urgent patch:

"To my knowledge gcc builtin memcmp is safe, BSD libc memcmp is safe.
Linux glibc sse-optimized memcmp is not safe, but gcc usually uses the
inlined builtin version."

In which case are we?



Reply to: