On Tue, Dec 31, 2019 at 9:47 AM Florian Weimer wrote:

> BFD and binutils have not been designed to process untrusted data.
> Usually, this does not matter at all. For example, no security
> boundary is crossed when linking object files that have just been
> compiled.

There are definitely situations where vulnerabilities in binutils (mostly objdump) are important and a security boundary could be crossed, for example: running lintian on ftp-master, malware reverse engineering and inspection of binaries for hardening features.

--
bye,
pabs

https://wiki.debian.org/PaulWise