On Mon, Dec 19, 2016 at 07:01:41PM +0100, Stephen Kitt wrote:
> Hi Moritz,
> 
> On Mon, 19 Dec 2016 18:48:06 +0100, Moritz Mühlenhoff <[email protected]> wrote:
> > This has been assigned CVE-2016-4973:
> > https://bugzilla.redhat.com/show_bug.cgi?id=1324759
> 
> This doesn't really seem to be going anywhere, is it really worth spending
> time on? GCC upstream disagrees that it's an issue. I'd already tried the
> patch attached to the bug linked above, and it doesn't work.

I mostly filed it for completeness to have the status tracked in the BTS.

>From my point of view it's not a vulnerability and should not have a
CVE ID assigned, it's ultimately just a missing security hardening
feature.

I'm fine with simply closing it, but it's your maintainer's call.

Cheers,
        Moritz

Reply via email to