2017-09-15 21:03 GMT+02:00 Christoph Anton Mitterer <cales...@scientia.net>:
> On Fri, 2017-09-15 at 19:18 +0100, Ben Hutchings wrote: > > Probably less critical than you think, since we enable > > CONFIG_CC_STACKPROTECTOR. > > Well... yes, but it wouldn't be the first time in history, that such > defence could then also be circumvented in the next evolution of an > exploit :-) > > But of course you can lower the bug severity if you think this is > appropriate. > > Cheers&thx. Looks like such issue has been found, stack clash is back : https://security-tracker.debian.org/tracker/CVE-2017-1000379
