Hi,

Since it has been made public, I believe it's ok to discuss it in -devel. I came across this:
http://seclists.org/oss-sec/2012/q2/493

Is the Squeeze version affected? And SID? By reading it, especially the end about GCC, it's unclear to me if we need an urgent patch:

"To my knowledge gcc builtin memcmp is safe, BSD libc memcmp is safe. Linux glibc sse-optimized memcmp is not safe, but gcc usually uses the inlined builtin version."

In which case are we?

Cheers,

Thomas