Re: MIT discovered issue with gcc

2013-11-26 Thread Mark Haase
Miles, the GCC developers don't consider this to be a bug, and so I doubt that any of it will be "fixed". For example, here is a "bug" cited in the paper: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475 If you have a moment, read through that thread. It gets pretty testy as the developers argue

Re: MIT discovered issue with gcc

2013-11-23 Thread Mark Haase
The researchers' point was that an attacker might be able to remap that memory page so that dereferencing a null pointer would NOT segfault. (I don't actually know how feasible this is; I'm just paraphrasing their argument. They footnote this claim but I didn't bother to read the cited sources.)

Re: SSL for debian.org/security?

2013-10-30 Thread Mark Haase
Thanks, Luca. Will you notify this mailing list when the SSL certs have been installed?
On Mon, Oct 28, 2013 at 10:01 PM, Luca Filipozzi wrote:
> On Mon, Oct 28, 2013 at 09:31:35PM -0400, Mark Haase wrote:
> > I'd like to suggest that Debian should at least use SSL on their sec

SSL for debian.org/security?

2013-10-28 Thread Mark Haase
It's a bit ironic that the Debian security site doesn't offer SSL, right? If an attacker can MITM an organization that uses Debian, then they can MITM the Debian security page and control what security bulletins that organization can access. I'm also concerned because this same domain hosts automa