Date: Fri, 14 Aug 2015 19:08:41 +0100
From: Jonathan Wakely <jwakely.gcc@...il.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: "libstdc++" <libstdc++@....gnu.org>, oss-security@...ts.openwall.com
Subject: Re: Alleged libstdc++ vulnerabilities

On 14 August 2015 at 18:55, Jonathan Wakely wrote:
> On 14 August 2015 at 18:49, Florian Weimer wrote:
>> Does anybody know what this is about and can point to the relevant PRs?
>>
>> “discovered serious security bugs in […] libstdc++”
>>
>> <http://www.news.gatech.edu/2015/08/13/georgia-tech-finds-11-security-flaws-popular-internet-browsers-using-new-analysis-method>
>>
>> The USENIX paper
>> <https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lee.pdf>
>> does not back up this claim.
>
> The paper abstract says "discovered 11 previously unknown security
> vulnerabilities: nine in GNU libstdc++ and two in Firefox, all of which have
> been confirmed and subsequently fixed by vendors."
>
> I guess they are referring to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63345

And FWIW most of the "fixes" they suggested were just nonsense.