Re: [Secure-testing-commits] r48631 - in data: . CVE
Hi Balint,
On 31/01/17 21:46, Balint Reczey wrote:
> Log:
> wavpack's issues don't affect wheezy
>
> The first part of the upstream patch is not needed since the
> code is very different and not vulnerable.
> The second part applies, but does not make any difference when
> trying the exploits. Tested with valgrind on Wheezy.
These issues were found with address sanitizer, so I don't think checking with
valgrind is enough (it's not the same).
May be worth checking with asan (it should be available in wheezy's llvm 3.1).
Cheers,
Emilio
Reply to: