Re: Is Debian affected by the recent MySQL sql/password.c flow?

To: Thomas Goirand <thomas@goirand.fr>
Cc: debian-devel@lists.debian.org
Subject: Re: Is Debian affected by the recent MySQL sql/password.c flow?
From: Aron Xu <happyaron.xu@gmail.com>
Date: Tue, 12 Jun 2012 01:52:15 +0800
Message-id: <[🔎] CAMr=8w4Mob-sWJzYGcWbw-QLBhhJf+uMOs+38uQ839BMRA2UEg@mail.gmail.com>
In-reply-to: <[🔎] 4FD62E80.20308@goirand.fr>
References: <[🔎] 4FD62E80.20308@goirand.fr>

On Tue, Jun 12, 2012 at 1:44 AM, Thomas Goirand <thomas@goirand.fr> wrote:
> Hi,
>
> Since it has been made public, I believe it's ok to discuss it in
> -devel. I came across this:
> http://seclists.org/oss-sec/2012/q2/493
>
> Is the Squeeze version affected? And SID? By reading it, especially the
> end about GCC, it's unclear to me if we need an urgent patch:
>
> "To my knowledge gcc builtin memcmp is safe, BSD libc memcmp is safe.
> Linux glibc sse-optimized memcmp is not safe, but gcc usually uses the
> inlined builtin version."
>
> In which case are we?
>

IMHO I suggest to talk with Security Team before disclosing
information that might be sensitive in the mean time on a Debian
development mailing list.


-- 
Regards,
Aron Xu

Reply to:

Follow-Ups:
- Re: Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Thomas Goirand <zigo@debian.org>

References:
- Is Debian affected by the recent MySQL sql/password.c flow?
  - From: Thomas Goirand <thomas@goirand.fr>

Prev by Date: Is Debian affected by the recent MySQL sql/password.c flow?
Next by Date: Re: Is Debian affected by the recent MySQL sql/password.c flow?
Previous by thread: Is Debian affected by the recent MySQL sql/password.c flow?
Next by thread: Re: Is Debian affected by the recent MySQL sql/password.c flow?
Index(es):
- Date
- Thread