On Tue, Jun 12, 2012 at 1:44 AM, Thomas Goirand <[email protected]> wrote: > Hi, > > Since it has been made public, I believe it's ok to discuss it in > -devel. I came across this: > http://seclists.org/oss-sec/2012/q2/493 > > Is the Squeeze version affected? And SID? By reading it, especially the > end about GCC, it's unclear to me if we need an urgent patch: > > "To my knowledge gcc builtin memcmp is safe, BSD libc memcmp is safe. > Linux glibc sse-optimized memcmp is not safe, but gcc usually uses the > inlined builtin version." > > In which case are we? >
IMHO I suggest to talk with Security Team before disclosing information that might be sensitive in the mean time on a Debian development mailing list. -- Regards, Aron Xu -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAMr=8w4mob-swjzygcwbw-qlbhhjf+umos+38uq839bmra2...@mail.gmail.com
