* Andreas:

> there is no security support for binutils in debian stable
> (buster). Given the importance of binutils this seems to me to be a real
> problem.

BFD and binutils have not been designed to process untrusted data. Usually, this does not matter at all. For example, no security boundary is crossed when linking object files that have just been compiled. All these vulnerabilities do not seem very relevant, so most distributions (not just Debian) focus on fixing other issues instead.