Hi, I understand that Debian has a bunch of vulnerabilities as described in the following PDF.
http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf Just a small quote: "This paper presents the first systematic approach for reasoning about and detecting unstable code. We implement this approach in a static checker called Stack, and use it to show that unstable code is present in a wide range of systems software, including the Linux kernel and the Postgres database. We estimate that unstable code exists in 40% of the 8,575 Debian Wheezy packages that contain C/C++ code. We also show that compilers are increasingly taking advantage of undefined behavior for optimizations, leading to more vulnerabilities related to unstable code." This looks very serious indeed, but a quick search of Debian mailing lists didn't show anything being acknowledged for this issue.... should Debian users be concerned? -- Kind Regards AndrewM -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/52900522.9040...@affinityvision.com.au
