FWIW, the security team just marked all the currently pending security issues of binutils in jessie as "no-dsa (minor issue)" which means they consider the issues are not serious enough to warrant a security upload.
after a quick review of the issues, i have also followed suit and marked the issues as "no-dsa" in wheezy, and removed the item from dla-needed.txt. this means it is unlikely we will make an upload to wheezy to fix those issues unless someone believes those issues are important enough to be fixed. from my perspective, the most serious issue is probably CVE-2017-7227, where GNU ld can be crashed with an arbitrary input script. this was marked as "low" severity by Red Hat as well... the other issues are all regarding debugging tools like addr2line which are unlikely to be used on a wheezy system, as they are more aimed at developping software... i hope that's alright with everyone! a. On 2017-03-22 08:10:11, Ola Lundqvist wrote: > Hi > > This was interesting information. Do you know the background why they were > not accepted? > I mean if this has been a known problem and the release team rejected it > maybe we should not do an update. Are there backwards compatibility > problems? > > Best regards > > // Ola > > On 21 March 2017 at 23:18, Matthias Klose <[email protected]> wrote: > >> On 21.03.2017 21:01, Ola Lundqvist wrote: >> > Hello dear maintainer(s), >> > >> > the Debian LTS team would like to fix the security issues which are >> > currently open in the Wheezy version of binutils: >> > https://security-tracker.debian.org/tracker/source-package/binutils >> > >> > Would you like to take care of this yourself? >> >> pleaes go ahead. afairc these patches were proposed during the wheezy >> freeze to >> be taken from the binutils branch, but not accepted. >> >> > > > -- > --- Inguza Technology AB --- MSc in Information Technology ---- > / [email protected] Folkebogatan 26 \ > | [email protected] 654 68 KARLSTAD | > | http://inguza.com/ Mobile: +46 (0)70-332 1551 | > \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / > --------------------------------------------------------------- -- Isn't man but a blossom taken by the wind, and only the mountains and the sea and the stars and this Land of the Gods real and everlasting? - James Clavell, Shōgun
