On Sat, 16 Sep 2017 16:40:24 +0200 Julien Aubin <julien.au...@gmail.com> wrote: > 2017-09-15 21:03 GMT+02:00 Christoph Anton Mitterer <cales...@scientia.net >: > > > On Fri, 2017-09-15 at 19:18 +0100, Ben Hutchings wrote: > > > Probably less critical than you think, since we enable > > > CONFIG_CC_STACKPROTECTOR. > > > > Well... yes, but it wouldn't be the first time in history, that such > > defence could then also be circumvented in the next evolution of an > > exploit :-) > > > > But of course you can lower the bug severity if you think this is > > appropriate. > > > > Cheers&thx. > > > Looks like such issue has been found, stack clash is back : > https://security-tracker.debian.org/tracker/CVE-2017-1000379
Could you please backport the fix to stable ? Thanks !