[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Git][security-tracker-team/security-tracker][master] Add radare2 to dla-needed.txt with comments.

On Fri, Aug 16, 2019 at 08:11:58PM +0000, Markus Koschany wrote:
> Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
> Commits:
> bc35662f by Markus Koschany at 2019-08-16T20:11:47Z
> Add radare2 to dla-needed.txt with comments.
> - - - - -
> 1 changed file:
> - data/dla-needed.txt
> +radare2
> +  NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in
> +  NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch. Should we
> +  NOTE: continue the current approach, update to a newer upstream version or mark
> +  NOTE: radare2 as unsupported? Also note that there is a r2-pwnDebian challenge...
> +  NOTE: https://bananamafia.dev/post/r2-pwndebian/ (apo)

I'd be in favor of marking radare2 as unsupported, probably even for stable,
but definitly for oldstable and older.

I'd be happy to do these changes in src:debian-security-tracker and
uploading this to sid.


       PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C

Attachment: signature.asc
Description: PGP signature

Reply to: