On Mon, Mar 26, 2012 at 9:49 PM, Simon Ruderich <si...@ruderich.org> wrote:
> On Mon, Mar 26, 2012 at 08:44:32PM +0300, Damyan Ivanov wrote:
>> The two binaries that the patch fixes are used only during the build
>> process and aren't shipped in the resulting binary packages. The first
>> part of the patch is about the program that creates ibase.h header
>> file, and the other is the custom-built syntax parser that is later
>> used during the build.
>>
>> Both of these never see user input or any external data. Their only
>> input is what the build system gives them.
>>
>> Is there any proof that the missing hardening flags are a real
>> problem?
>
> In that case it's not a real (security) problem. Sorry for the
> wrong severity, I didn't check if they are just used during the
> build.
>
> But it should be fixed anyway to make automatic checks to detect
> missing (hardening) flags of build logs possible and to prevent
> problems in the future.

I agree, let's apply them if they do no harm.
I also send to firebird-devel to be applied upstream.