On Sat, 16 Sep 2017 16:40:24 +0200 Julien Aubin <
julien.aubin@gmail.com> wrote:
> 2017-09-15 21:03 GMT+02:00 Christoph Anton Mitterer <
calestyo@scientia.net>:
>
> > On Fri, 2017-09-15 at 19:18 +0100, Ben Hutchings wrote:
> > > Probably less critical than you think, since we enable
> > > CONFIG_CC_STACKPROTECTOR.
> >
> > Well... yes, but it wouldn't be the first time in history, that such
> > defence could then also be circumvented in the next evolution of an
> > exploit :-)
> >
> > But of course you can lower the bug severity if you think this is
> > appropriate.
> >
> > Cheers&thx.
>
>
> Looks like such issue has been found, stack clash is back :
>
https://security-tracker.debian.org/tracker/CVE-2017-1000379
Could you please backport the fix to stable ?
Thanks !