From: Andrew McGlashan <andrew.mcglashan-AT-affinityvision.com.au>
To: debian-security-AT-lists.debian.org, debian-user <debian-user-AT-lists.debian.org>
Subject: MIT discovered issue with gcc
Date: Sat, 23 Nov 2013 12:30:10 +1100

Hi,

I understand that Debian has a bunch of vulnerabilities as described in the following PDF.

http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf

Just a small quote:

"This paper presents the first systematic approach for reasoning about and detecting unstable code. We implement this approach in a static checker called Stack, and use it to show that unstable code is present in a wide range of systems software, including the Linux kernel and the Postgres database. We estimate that unstable code exists in 40% of the 8,575 Debian Wheezy packages that contain C/C++ code. We also show that compilers are increasingly taking advantage of undefined behavior for optimizations, leading to more vulnerabilities related to unstable code."

This looks very serious indeed, but a quick search of Debian mailing lists didn't show anything being acknowledged for this issue.... should Debian users be concerned?

--
Kind Regards
AndrewM
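
To make the term in the quoted abstract concrete, here is an added example (not part of the email and not taken from the paper or from any Debian package; all function names are hypothetical). It shows a signed-overflow check that depends on undefined behaviour, which an optimizing compiler is allowed to discard, beside a form that stays well-defined.

```c
#include <limits.h>
#include <stdio.h>

/* Unstable form: the test relies on a + b wrapping around. Signed overflow
 * is undefined behaviour in C, so an optimizing compiler may assume it never
 * happens and reduce this whole function to "return 0". */
int overflow_check_unstable(int a, int b)
{
    if (b > 0 && a + b < a)
        return 1;
    return 0;
}

/* Stable form: compares against the limits before adding, so no expression
 * here can overflow and the compiler has nothing it may discard. */
int overflow_check_stable(int a, int b)
{
    if (b > 0 && a > INT_MAX - b)
        return 1;               /* a + b would exceed INT_MAX */
    if (b < 0 && a < INT_MIN - b)
        return 1;               /* a + b would fall below INT_MIN */
    return 0;
}

/* Adds only when the stable check passes: 0 on success, -1 when refused. */
int checked_add(int a, int b, int *out)
{
    if (overflow_check_stable(a, b))
        return -1;
    *out = a + b;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    int pairs[][2] = { {1, 2}, {INT_MAX, 1}, {INT_MIN, -1}, {INT_MAX - 5, 5} };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int sum = 0;
        int rc = checked_add(pairs[i][0], pairs[i][1], &sum);
        printf("%d + %d -> %s\n", pairs[i][0], pairs[i][1],
               rc ? "refused" : "ok");
    }
    return 0;
}
```

Whether a given compiler actually removes the first check depends on its version and optimization level, which is why such code can appear to work in a debug build and fail silently in a release build.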