Brian May <b...@debian.org> writes: > Ola Lundqvist <o...@inguza.com> writes: > >> Could it be so that the problem is only reproducible on 32-bit >> systems? > > Good point. Will try.
Nope. Can't reproduce i386 build on amd64 kernel. I would be rather surprised if choice of kernel mattered. I can reproduce CVE-2018-19210. Both on wheezy and stretch. Doesn't appear to be any patch available yet. Note when testing this vulnerabilty, the supplied command will modify the source file, meaning running the same command one plus times will not crash after the first time (unless you restore the input file). -- Brian May <b...@debian.org>
