Date: Fri, 14 Aug 2015 19:08:41 +0100
From: Jonathan Wakely <jwakely.gcc@...il.com>
To: Florian Weimer <fweimer@...hat.com>
Cc: "libstdc++" <libstdc++@....gnu.org>, oss-security@...ts.openwall.com
Subject: Re: Alleged libstdc++ vulnerabilities

On 14 August 2015 at 18:55, Jonathan Wakely wrote:
> On 14 August 2015 at 18:49, Florian Weimer wrote:
>> Does anybody know what this is about and can point to the relevant PRs?
>>
>> “discovered serious security bugs in […] libstdc++”
>>
>> <http://www.news.gatech.edu/2015/08/13/georgia-tech-finds-11-security-flaws-popular-internet-browsers-using-new-analysis-method>
>>
>> The USENIX paper
>> <https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lee.pdf>
>> does not back up this claim.
>
> The paper abstract says "discovered 11 previously unknown security
> vulnerabilities: nine in GNU libstdc++ and two in Firefox, all of which have
> been confirmed and subsequently fixed by vendors. "
>
> I guess they are referring to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63345

And FWIW most of the "fixes" they suggested were just nonsense.