Re: Testing needed for binutils security update

[Alexander Cherepanov <cherepan@mccme.ru>]

On 2014-12-23 00:38, Luciano Bello wrote:
> I have been trying to fix the multiple security issues that binutils has
> pending[1] for wheezy/stable. It have been quite complicated and the patch
> affects many elements of the code. I would like to avoid regression as much as
> possible.
>
> Please, take a look to it [2] (compiled for amd64) and report success or errors
> to team@security.debian.org
>
> [1] https://security-tracker.debian.org/tracker/source-package/binutils
> [2] https://people.debian.org/~luciano/binutils_2.22-8+deb7u1/

CVEs were assigned only to a small number of issues so far and I'm not 
sure it's worth it to fix them without fixing others. Or did you fix 
others too? You can find more issues and fixes in two upstream bugs:

https://sourceware.org/bugzilla/show_bug.cgi?id=17512
https://sourceware.org/bugzilla/show_bug.cgi?id=17531

and the process is not over, new issues are still being found and fixed.

Sorry if it's not easy to track. I'd like to make it easier for Debian. 
Any feedback on the process is welcome.

BTW, the situation with elfutils is somewhat similar, the bug report is 
here:

https://bugzilla.redhat.com/show_bug.cgi?id=1170810

--
Alexander Cherepanov