[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of binutils?

FWIW, the security team just marked all the currently pending security
issues of binutils in jessie as "no-dsa (minor issue)" which means they
consider the issues are not serious enough to warrant a security upload.

after a quick review of the issues, i have also followed suit and marked
the issues as "no-dsa" in wheezy, and removed the item from

this means it is unlikely we will make an upload to wheezy to fix those
issues unless someone believes those issues are important enough to be
fixed. from my perspective, the most serious issue is probably
CVE-2017-7227, where GNU ld can be crashed with an arbitrary input
script. this was marked as "low" severity by Red Hat as well...

the other issues are all regarding debugging tools like addr2line which
are unlikely to be used on a wheezy system, as they are more aimed at
developping software...

i hope that's alright with everyone!


On 2017-03-22 08:10:11, Ola Lundqvist wrote:
> Hi
> This was interesting information. Do you know the background why they were
> not accepted?
> I mean if this has been a known problem and the release team rejected it
> maybe we should not do an update. Are there backwards compatibility
> problems?
> Best regards
> // Ola
> On 21 March 2017 at 23:18, Matthias Klose <doko@debian.org> wrote:
>> On 21.03.2017 21:01, Ola Lundqvist wrote:
>> > Hello dear maintainer(s),
>> >
>> > the Debian LTS team would like to fix the security issues which are
>> > currently open in the Wheezy version of binutils:
>> > https://security-tracker.debian.org/tracker/source-package/binutils
>> >
>> > Would you like to take care of this yourself?
>> pleaes go ahead. afairc these patches were proposed during the wheezy
>> freeze to
>> be taken from the binutils branch, but not accepted.
> -- 
>  --- Inguza Technology AB --- MSc in Information Technology ----
> /  ola@inguza.com                    Folkebogatan 26            \
> |  opal@debian.org                   654 68 KARLSTAD            |
> |  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
> \  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
>  ---------------------------------------------------------------

Isn't man but a blossom taken by the wind, and only the mountains and
the sea and the stars and this Land of the Gods real and everlasting?
                       - James Clavell, Shōgun

Reply to: