[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: August Report

On Tue, Sep 05, 2017 at 10:30:03AM +0200, Raphael Hertzog wrote:
> On Sun, 03 Sep 2017, Hugo Lefeuvre wrote:
> >    These CVEs are especially difficult to reproduce because wheezy's gcc
> >    doesn't have asan and reproduction conditions might require a specific
> >    setup.
> FWIW, I have been able to reproduce quite a few issues detected by ASAN
> with valgrind which does similar checks (albeit implemented in a different
> way).
I have also had success rebuilding the wheezy package in jessie, which
has a new enough gcc to support ASAN.  Of course, that approach only
works for packages whose dependencies are still largely intact in



Roberto C. Sánchez

Reply to: