On 12/11/15 11:21, Guido Günther wrote: > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of dwarfutils: > https://security-tracker.debian.org/tracker/CVE-2015-8538 > > Would you like to take care of this yourself? According to the RHEL bug[1] for CVE-2015-8538 : "There is a out of bound read in latest release version dwarf-20151114, and we have tested the other version dwarf-20140805, so we guess the versions which are between these two version will be affected too." I just tested the version in squeeze (20100214-1) and it is indeed not affected by this CVE, and does not segfault with the provided test case. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1289385
Attachment:
signature.asc
Description: Digital signature