* Harry Sintonen <[email protected]>, 2012-01-31, 01:42:
-D_FORTIFY_SOURCE=2 was enabled in package version 1.8.3p1-3. See: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655417This makes current sid package (1.8.3p1-3) safe.
Maybe. Maybe not. There are known ways of exploiting string format vulnerabilities even with -D_FORTIFY_SOURCE=2.
-- Jakub Wilk -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
