[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Secure-testing-commits] r48631 - in data: . CVE

Hi Balint,

On 31/01/17 21:46, Balint Reczey wrote:
> Log:
> wavpack's issues don't affect wheezy
> The first part of the upstream patch is not needed since the
> code is very different and not vulnerable.
> The second part applies, but does not make any difference when
> trying the exploits. Tested with valgrind on Wheezy.

These issues were found with address sanitizer, so I don't think checking with
valgrind is enough (it's not the same).

May be worth checking with asan (it should be available in wheezy's llvm 3.1).


Reply to: