Re: CVE-2016-6131 binutils, gdb, valgrind etc.

To: Debian LTS <debian-lts@lists.debian.org>
Subject: Re: CVE-2016-6131 binutils, gdb, valgrind etc.
From: Brian May <bam@debian.org>
Date: Thu, 07 Jul 2016 17:45:34 +1000
Message-id: <[🔎] 8760shuc0x.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 874m83usgp.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 9f5539d9-6905-9533-c8c1-ffcf6928b4c7@debian.org> <[🔎] 874m83usgp.fsf@prune.linuxpenguins.xyz>

Brian May <bam@debian.org> writes:

> I have a build of binutils for all pending CVEs except CVE-2016-4491,

My suspicion is that the wheezy version is vulnerable to CVE-2016-4491.

However in more recent versions d_print_comp has been split up into two
functions: d_print_comp which calls d_print_comp_inner that does the
bulk of the work.

The patch applies to the outer d_print_comp function.

In wheezy, there is only one function, which looks more like the inner
function. As there is no equivalent of the outer function, the patch
will not apply with out changes.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- CVE-2016-6131 binutils, gdb, valgrind etc.
  - From: Markus Koschany <apo@debian.org>
- Re: CVE-2016-6131 binutils, gdb, valgrind etc.
  - From: Brian May <bam@debian.org>

Prev by Date: Re: CVE-2016-6131 binutils, gdb, valgrind etc.
Next by Date: Re: CVE-2016-6131 binutils, gdb, valgrind etc.
Previous by thread: Re: CVE-2016-6131 binutils, gdb, valgrind etc.
Next by thread: Re: CVE-2016-6131 binutils, gdb, valgrind etc.
Index(es):
- Date
- Thread