On Fri, Aug 16, 2019 at 08:11:58PM +0000, Markus Koschany wrote: > Markus Koschany pushed to branch master at Debian Security Tracker / > security-tracker > > Commits: > bc35662f by Markus Koschany at 2019-08-16T20:11:47Z > Add radare2 to dla-needed.txt with comments. > > - - - - - > 1 changed file: > - data/dla-needed.txt > +radare2 > + NOTE: 20190816: Affected by CVE-2019-14745. Vulnerable code is in > + NOTE: libr/core/bin.c. Many no-dsa issues in Jessie and Stretch. Should we > + NOTE: continue the current approach, update to a newer upstream version or > mark > + NOTE: radare2 as unsupported? Also note that there is a r2-pwnDebian > challenge... > + NOTE: https://bananamafia.dev/post/r2-pwndebian/ (apo)
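Review bot: The NOTE lines added under radare2 leave an open policy question in data/dla-needed.txt ("Should we continue the current approach, update to a newer upstream version or mark radare2 as unsupported?") with nothing pointing to where it will be answered. Consider keeping the entry to the facts already given (CVE-2019-14745, vulnerable code in libr/core/bin.c), raising the question on the list, and adding a NOTE with the outcome or a link to the discussion once there is one. "Many no-dsa issues in Jessie and Stretch" would also be easier to act on if it named the issues it refers to.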
I'd be in favor of marking radare2 as unsupported, probably even for stable, but definitely for oldstable and older.

I'd be happy to do these changes in src:debian-security-tracker and upload this to sid.

--
cheers,
Holger

-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C