Re: CVE-2010-3847 fixed or not?

To: debian-security@lists.debian.org
Subject: Re: CVE-2010-3847 fixed or not?
From: Arne Wichmann <aw@anhrefn.saar.de>
Date: Wed, 13 Apr 2011 11:23:10 +0200
Message-id: <[🔎] 20110413092310.GA2492@anhrefn.saar.de>
In-reply-to: <[🔎] 20110411175255.GS4050@outflux.net>
References: <20110322153500.332623ea.michael.s.gilbert@gmail.com> <[🔎] 20110407171325.GB15356@anhrefn.saar.de> <[🔎] 20110411175255.GS4050@outflux.net>

begin  quotation  from Kees Cook (in <[🔎] 20110411175255.GS4050@outflux.net>):
> The first thing to point out is that Debian was never vulnerable to
> CVE-2010-3847 because of an assertion in dl_open_worker(). (Distros
> vulnerable to it had disabled those asserts.)

So, does that mean that CVE-2010-3847 and CVE-2011-0536 can be closed in
the tracker?

cu

AW
-- 
[...] If you don't want to be restricted, don't agree to it. If you are
coerced, comply as much as you must to protect yourself, just don't support
it. Noone can free you but yourself. (crag, on Debian Planet)
Arne Wichmann (aw@linux.de)

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: CVE-2010-3847 fixed or not?
  - From: Kees Cook <kees@debian.org>

References:
- Re: CVE-2010-3847 fixed or not?
  - From: Arne Wichmann <aw@anhrefn.saar.de>
- Re: CVE-2010-3847 fixed or not?
  - From: Kees Cook <kees@debian.org>

Prev by Date: Re: CVE-2010-3847 fixed or not?
Next by Date: Re: CVE-2010-3847 fixed or not?
Previous by thread: Re: CVE-2010-3847 fixed or not?
Next by thread: Re: CVE-2010-3847 fixed or not?
Index(es):
- Date
- Thread