* Harlan Lieberman-Berg:
> Hello GCC Maintainers!
>
> It would be Really Awesome (TM) if we could add the
> -fstack-clash-protection flag to our default hardening posture. This
> would have provided protection against the recent System Down
> vulnerability (CVE-2018-16864, CVE-2018-16865,
Package: dpkg
Version: 1.14.28
dpkg's version comparison is architecture-dependent (due to changes in
the size of the C long type):
(i386)$ dpkg --compare-versions 4294967296:1 '' 4294967295:1 ; echo $?
1
(amd64)$ dpkg --compare-versions 4294967296:1 '' 4294967295:1 ; echo $?
0
The second
* Modestas Vainius:
While apparently, VT can't be implemented differently (except \d+),
what about size_t etc. then? They all can be implemented as regexps
too the most simple being 'any character'. However, in my opinion,
exact string matching is worthwhile to keep whenever possible.
Can't
* Marc Haber:
apt-ftparchive is in a position to help here by generating a proper
Source: line in the Packages: file. For example, bind9 1:9.2.1-2.0.1
should have Source: bind9 (1:9.2.1-2) in the Packages file. IMO, the
Source: line should only be suppressed if both package name and
version
* Scott James Remnant:
On Tue, 2005-07-12 at 18:10 +0200, Florian Weimer wrote:
dpkg-deb seems to contain a statically linked copy of zlib version
1.2.2. This means it's potentially vulnerable to CAN-2005-2096. Please
check, and advise the security team if an update for stable is required
5 matches
Mail list logo