[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2010-3847 fixed or not?

begin  quotation  from Kees Cook (in <[🔎] 20110411175255.GS4050@outflux.net>):
> The first thing to point out is that Debian was never vulnerable to
> CVE-2010-3847 because of an assertion in dl_open_worker(). (Distros
> vulnerable to it had disabled those asserts.)

So, does that mean that CVE-2010-3847 and CVE-2011-0536 can be closed in
the tracker?


[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)

Attachment: signature.asc
Description: Digital signature

Reply to: