Re: August Report

To: debian-lts@lists.debian.org
Subject: Re: August Report
From: Roberto C. Sánchez <roberto@debian.org>
Date: Tue, 5 Sep 2017 06:36:57 -0400
Message-id: <[🔎] 20170905103657.GA18205@connexer.com>
Mail-followup-to: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20170905083003.6iscm5zs7yrzkeb5@home.ouaza.com>
References: <[🔎] 20170903103117.sccfp4pakoeubkub@hle-laptop.local> <[🔎] 20170905083003.6iscm5zs7yrzkeb5@home.ouaza.com>

On Tue, Sep 05, 2017 at 10:30:03AM +0200, Raphael Hertzog wrote:
> On Sun, 03 Sep 2017, Hugo Lefeuvre wrote:
> >    These CVEs are especially difficult to reproduce because wheezy's gcc
> >    doesn't have asan and reproduction conditions might require a specific
> >    setup.
> 
> FWIW, I have been able to reproduce quite a few issues detected by ASAN
> with valgrind which does similar checks (albeit implemented in a different
> way).
> 
I have also had success rebuilding the wheezy package in jessie, which
has a new enough gcc to support ASAN.  Of course, that approach only
works for packages whose dependencies are still largely intact in
jessie.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Reply to:

Follow-Ups:
- Re: August Report
  - From: Hugo Lefeuvre <hle@debian.org>

References:
- August Report
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: August Report
  - From: Raphael Hertzog <hertzog@debian.org>

Prev by Date: Re: August Report
Next by Date: Re: Wheezy update of irssi?
Previous by thread: Re: August Report
Next by thread: Re: August Report
Index(es):
- Date
- Thread