Re: Is Debian affected by the recent MySQL sql/password.c flow?
On Tue, Jun 12, 2012 at 1:44 AM, Thomas Goirand <firstname.lastname@example.org> wrote:
> Since it has been made public, I believe it's ok to discuss it in
> -devel. I came across this:
> Is the Squeeze version affected? And SID? By reading it, especially the
> end about GCC, it's unclear to me if we need an urgent patch:
> "To my knowledge gcc builtin memcmp is safe, BSD libc memcmp is safe.
> Linux glibc sse-optimized memcmp is not safe, but gcc usually uses the
> inlined builtin version."
> In which case are we?
IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
development mailing list.