On Thu, Jan 10, 2019 at 09:42:10AM -0500, Harlan Lieberman-Berg wrote:
> Package: dpkg-dev
> Version: 1.19.2
> Severity: wishlist
> Tags: security
>
> Hello GCC Maintainers!
>
> It would be Really Awesome (TM) if we could add the
> -fstack-clash-protection flag to our default hardening posture. This
> would have provided protection against the recent System Down
> vulnerability (CVE-2018-16864, CVE-2018-16865, CVE-2018-16866, aka
> #918841 and #918848).
>
> I'd realllllllly love it if it would make it into buster, but I know
> that's an awfully aggressive timeline considering the upcoming freeze.
> Still, there are an awfully high number of vulnerabilities that are
> lurking that this might be able to help patch up.
>
> Happy to discuss more, and if we need to do a test archive-rebuild
> with that change made, I can probably do that in the upcoming weekend.
Has there been progress? Did anyone run archive rebuilds? Or given
that Ubuntu enables it by default these days, do we actually still
need them?
Cheers,
Moritz
