Bug#918914: add -fstack-clash-protection to default buildflags

2019-01-10 Thread Florian Weimer
* Harlan Lieberman-Berg:
> Hello GCC Maintainers!
>
> It would be Really Awesome (TM) if we could add the -fstack-clash-protection flag to our default hardening posture. This would have provided protection against the recent System Down vulnerability (CVE-2018-16864, CVE-2018-16865,

Bug#580038: Integer overflow in epoch handling

2010-05-03 Thread Florian Weimer
Package: dpkg
Version: 1.14.28

dpkg's version comparison is architecture-dependent (due to changes in the size of the C long type):

(i386)$ dpkg --compare-versions 4294967296:1 '' 4294967295:1 ; echo $?
1
(amd64)$ dpkg --compare-versions 4294967296:1 '' 4294967295:1 ; echo $?
0

The second

Bug#533916: C++ symbol mangling difference between arches

2009-06-26 Thread Florian Weimer
* Modestas Vainius: While apparently, VT can't be implemented differently (except \d+), what about size_t etc. then? They all can be implemented as regexps too the most simple being 'any character'. However, in my opinion, exact string matching is worthwhile to keep whenever possible. Can't

Bug#333866: apt-ftparchive: please generate Source: line in Packages file for recompilation-only binary NMU

2005-10-17 Thread Florian Weimer
* Marc Haber: apt-ftparchive is in a position to help here by generating a proper Source: line in the Packages: file. For example, bind9 1:9.2.1-2.0.1 should have Source: bind9 (1:9.2.1-2) in the Packages file. IMO, the Source: line should only be suppressed if both package name and version

Bug#317967: [CAN-2005-2096] dpkg-deb contains a statically linked copy of zlib

2005-07-16 Thread Florian Weimer
* Scott James Remnant: On Tue, 2005-07-12 at 18:10 +0200, Florian Weimer wrote: dpkg-deb seems to contain a statically linked copy of zlib version 1.2.2. This means it's potentially vulnerable to CAN-2005-2096. Please check, and advise the security team if an update for stable is required