oss-sec mailing list archives
Re: Alleged libstdc++ vulnerabilities
From: Jonathan Wakely <jwakely.gcc () gmail com>
Date: Fri, 14 Aug 2015 18:55:01 +0100
On 14 August 2015 at 18:49, Florian Weimer wrote:
Does anybody know what this is about and can point to the relevant PRs? “discovered serious security bugs in […] libstdc++” <http://www.news.gatech.edu/2015/08/13/georgia-tech-finds-11-security-flaws-popular-internet-browsers-using-new-analysis-method> The USENIX paper <https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lee.pdf> does not back up this claim.
The paper abstract says "discovered 11 previously unknown security vulnera- bilities: nine in GNU libstdc++ and two in Firefox, all of which have been confirmed and subsequently fixed by vendors. " I guess they are referring to https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63345
Current thread:
- Alleged libstdc++ vulnerabilities Florian Weimer (Aug 14)
- Re: Alleged libstdc++ vulnerabilities Jonathan Wakely (Aug 14)
- Re: Alleged libstdc++ vulnerabilities Jonathan Wakely (Aug 14)
- Re: Alleged libstdc++ vulnerabilities Jonathan Wakely (Aug 14)