Is Debian affected by the recent MySQL sql/password.c flow?

To: debian-devel@lists.debian.org
Subject: Is Debian affected by the recent MySQL sql/password.c flow?
From: Thomas Goirand <thomas@goirand.fr>
Date: Tue, 12 Jun 2012 01:44:32 +0800
Message-id: <[🔎] 4FD62E80.20308@goirand.fr>

Hi,

Since it has been made public, I believe it's ok to discuss it in
-devel. I came across this:
http://seclists.org/oss-sec/2012/q2/493

Is the Squeeze version affected? And SID? By reading it, especially the
end about GCC, it's unclear to me if we need an urgent patch:

"To my knowledge gcc builtin memcmp is safe, BSD libc memcmp is safe.
Linux glibc sse-optimized memcmp is not safe, but gcc usually uses the
inlined builtin version."

In which case are we?

Cheers,

Thomas

Reply to:

Follow-Ups:
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Aron Xu <happyaron.xu@gmail.com>
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Lech Karol Pawłaszek <ike@szluug.org>

Prev by Date: Re: Lets (eventually) find a good solution for /tmp
Next by Date: Re: Is Debian affected by the recent MySQL sql/password.c flow?
Previous by thread: Re: [xml/sgml-pkgs] Processed: severity of 676686 is important
Next by thread: Re: Is Debian affected by the recent MySQL sql/password.c flow?
Index(es):
- Date
- Thread