Brian May <b...@debian.org> writes: > I have a build of binutils for all pending CVEs except CVE-2016-4491,
My suspicion is that the wheezy version is vulnerable to CVE-2016-4491. However in more recent versions d_print_comp has been split up into two functions: d_print_comp which calls d_print_comp_inner that does the bulk of the work. The patch applies to the outer d_print_comp function. In wheezy, there is only one function, which looks more like the inner function. As there is no equivalent of the outer function, the patch will not apply with out changes. -- Brian May <b...@debian.org>
