On Fri, Dec 26, 2014 at 02:02:31PM +0100, Luciano Bello wrote:
> > BTW, the situation with elfutils is somewhat similar, the bug report is
> > here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1170810
>
> I'm reporting this issue to our elfutils maintainer to keep track of it. Do
> you know if there is a plan to get a CVE id for this/these issue/s?

So there have been a lot of fixes in upstream elfutils because of the fuzzing, and at least some of those should probably get a CVE.

One of the upstream statements:
| I think it is reasonable
| to just say that we are working towards making it safe to process arbitrary
| random ELF files and DWARF debuginfo data with elfutils by 0.162 (to be
| released on March). But that in general people should only use elfutils
| tools and libraries on files produced by a trusted toolchain for now.

Kurt