[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2016-6131 binutils, gdb, valgrind etc.


2016-07-06 18:22 GMT+02:00 Holger Levsen <holger@layer-acht.org>:
> On Wed, Jul 06, 2016 at 05:57:43PM +0200, Markus Koschany wrote:
>> In this specific case I wouldn't do it because of the reasons I have
>> mentioned before but more input from others is welcome. If we decide to
>> fix these issues we also need to take care of valgrind, nescc,
>> libiberty, ht, gdb, gcc-h8300-hms and binutils-h8300-hms. Otherwise it
>> would be rather inconsistent.
> I disagree. Perfect is the enemy of good. We have inconsistances in many
> places too.
> Brians work was useful and should not be lost. It's good to close
> "minor" security holes.

I agree. Sometimes exploiting a combination of "minor" issues can be
combined  to allow more severe attacks. If the fixes are safe, I think they
should be released.


Reply to: