Kees Cook wrote:
> Attached is a list of affected packages, generated via:
>
>  pcregrep -M 'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,'
>  pcregrep -M 'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,'
>
> The logs for individual packages can be seen here[4]. I've tried to trim
> out stuff that was Ubuntu-specific or not relevant, so apologies in advance
> if there are incorrect (or missing) things in the list.
>
> Thoughts?

How about either matching stuff against the build logs or recompiling with a compiler that actually fails when asked to compile a file that matches? That would seem to have potential for reducing the number of false positives.

Kind regards

T.
-- 
Thomas Viehmann, http://thomas.viehmann.net/
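
The two expressions quoted above, run over a constructed C fragment, as an added example that is not part of either message. Python's `re` stands in for `pcregrep -M` (an assumption that holds for these constructs), and the sample source and the `scan` helper are made up for illustration. The fragment includes a hit inside an `#if 0` block, which a text search reports even though it is never compiled, and a call with nothing after the repeated argument, which the patterns do not match.

```python
import re

# The two patterns from the quoted message, unchanged.
SPRINTF = re.compile(r'sprintf\s*\(\s*([^,]*)\s*,\s*"%s[^"]*"\s*,\s*\1\s*,')
SNPRINTF = re.compile(
    r'snprintf\s*\(\s*([^,]*)\s*,[^,]*,\s*"%s[^"]*"\s*,\s*\1\s*,')

# Constructed sample source (not taken from any package in the list).
SAMPLE = '''\
void a(char *buf, char *out, size_t len, int n) {
    sprintf(buf, "%s:%d", buf, n);
    snprintf(buf, len, "%s%s",
             buf, "x");
    sprintf(buf, "%s/tail", buf);
    sprintf(out, "%s:%d", buf, n);
}
#if 0
    sprintf(tmp, "%s %d", tmp, n);
#endif
'''


def scan(source):
    """Return sorted (line, function, destination) tuples for every match.

    The whole file is searched as one string, so calls split across
    lines are found, as with pcregrep -M.
    """
    hits = []
    for name, rx in (("sprintf", SPRINTF), ("snprintf", SNPRINTF)):
        for m in rx.finditer(source):
            # Line number of the start of the call, 1-based.
            line = source.count("\n", 0, m.start()) + 1
            hits.append((line, name, m.group(1).strip()))
    return sorted(hits)


if __name__ == "__main__":
    for line, name, dest in scan(SAMPLE):
        print(f"line {line}: {name} writes to and reads from '{dest}'")
```

Line 5 is not reported because both patterns require a comma after the repeated argument; line 9 is reported although the preprocessor discards it.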