Re: Bug#756325: CVE-2014-5044: gfortran integer overflows

To: Michael Gilbert <mgilbert@debian.org>, 756325@bugs.debian.org, Debian Bug Tracking System <submit@bugs.debian.org>, debian-security@lists.debian.org, debian-project@lists.debian.org, "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: Bug#756325: CVE-2014-5044: gfortran integer overflows
From: Matthias Klose <doko@debian.org>
Date: Tue, 29 Jul 2014 21:42:45 +0200
Message-id: <[🔎] 53D7F935.3080001@debian.org>
In-reply-to: <CANTw=MPLaHrJAeFjHXYPz_Jf6xzOQgJ3wpgdeo8cO+aQYGUQ4g@mail.gmail.com>
References: <CANTw=MPLaHrJAeFjHXYPz_Jf6xzOQgJ3wpgdeo8cO+aQYGUQ4g@mail.gmail.com>

Control: tags -1 moreinfo
Control: severity -1 wishlist

Am 28.07.2014 um 22:10 schrieb Michael
Gilbert:python-pyasn1-modules_0.0.5-0ubuntu3_source.changes
> package: src:gcc-4.4, src:gcc-4.6, src:gcc-4.7, src:gcc-4.8, src:gcc-4.9
> severity: serious
> tags: security
> 
> Several integer overflow issues affecting all gcc versions have been
> fixed in libgfortran:
> http://www.openwall.com/lists/oss-security/2014/07/23/7
> 
> Best wishes,

maybe better wishful thinking? you should better stop filing "security" issues,
and better spend your time replying to the ones where more information is needed.

Florian Weimer is still listed as a member of the security team, although he
doesn't seem to do *anything* for Debian currently (apparently employed by Red
Hat).  So please catch up within the debian-security team first where you have
the better expertise, and pretty please don't bother anyone else before
addressing this within the security team.

thanks, and "best wishes", Matthias

Reply to:

Prev by Date: Re: [SECURITY] [DSA 2992-1] linux security update
Previous by thread: Re: [SECURITY] [DSA 2992-1] linux security update
Index(es):
- Date
- Thread