On Tue, Sep 05, 2017 at 10:30:03AM +0200, Raphael Hertzog wrote: > On Sun, 03 Sep 2017, Hugo Lefeuvre wrote: > > These CVEs are especially difficult to reproduce because wheezy's gcc > > doesn't have asan and reproduction conditions might require a specific > > setup. > > FWIW, I have been able to reproduce quite a few issues detected by ASAN > with valgrind which does similar checks (albeit implemented in a different > way). > I have also had success rebuilding the wheezy package in jessie, which has a new enough gcc to support ASAN. Of course, that approach only works for packages whose dependencies are still largely intact in jessie.
Regards, -Roberto -- Roberto C. Sánchez
