On Mon, Sep 17, 2007 at 06:01:05AM +0930, Kevin Shanahan wrote:
> The latest upstream release provides C99 compliant implementations of
> snprintf and vsnprintf.

Cool.  It looks like there is a gcc4.2 candidate now as well, so I'll
look into preparing some new packages soon.

> I'm unsure what severity to give this,

It's a new upstream release, so wishlist is about right.

> code expecting C99 behaviour will potentially have security bugs when
> compiled with runtime 3.12.

This has been known behaviour on that platform for a very long time,
and nothing we are doing will make previously secure code more insecure,
so this is a nice thing to have, but it doesn't make the old toolchain
a security regression in the normal sense of such bugs.

The change might break some billware specific code though??  I guess
we'll see.

Cheers,
Ron





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to