Package: dpkg-dev Version: 1.19.2 Severity: wishlist Tags: security Hello GCC Maintainers!
It would be Really Awesome (TM) if we could add the -fstack-clash-protection flag to our default hardening posture. This would have provided protection against the recent System Down vulnerability (CVE-2018-16864, CVE-2018-16865, CVE-2018-16866, aka #918841 and #918848). I'd realllllllly love it if it would make it into buster, but I know that's an awfully aggressive timeline considering the upcoming freeze. Still, there are an awfully high number of vulnerabilities that are lurking that this might be able to help patch up. Happy to discuss more, and if we need to do a test archive-rebuild with that change made, I can probably do that in the upcoming weekend. Sincerely, -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages dpkg-dev depends on: ii binutils 2.31.1-11 ii bzip2 1.0.6-9 ii libdpkg-perl 1.19.2 ii make 4.2.1-1.2 ii patch 2.7.6-3 ii perl 5.28.1-3 ii tar 1.30+dfsg-3 ii xz-utils 5.2.2-1.3 Versions of packages dpkg-dev recommends: ii build-essential 12.5 ii fakeroot 1.23-1 ii gcc 4:8.2.0-2 ii gcc-7 [c-compiler] 7.3.0-29 ii gcc-8 [c-compiler] 8.2.0-13 ii gnupg 2.2.12-1 ii gnupg2 2.2.12-1 ii gpgv 2.2.12-1 ii libalgorithm-merge-perl 0.08-3 Versions of packages dpkg-dev suggests: ii debian-keyring 2018.11.25 -- no debconf information
