Re: CVE-2023-31975: memory leak in yasm

[Stuart Henderson <stu () spacehopper org>]

On 2023/06/23 01:20, Smith, Stewart wrote:
> Even if you were doing all the wrong things and running a yasm-as-a-service continually building untrusted source 
> right alongside other processes as the same user, that contain all sorts of things you don’t want exposed, I still 
> don’t see how this would be anything but a 0.0.

Some are conflating "doesn't work how we want with our tools to find
leaks and vulnerabilities without extra work" with a vulnerability itself.

Still, this is just how the CVE system works, it's not imho really
useful as anything more than a ticket system tracking id to tie
together information about a particular thing which may/may not be
an actual problem (and possibly less useful than that).


On 2023/06/21 22:11, Jeffrey Walton wrote:
> Just ask the OpenJDK developers who had to contend with the OpenSSL
> memory leaks that exhausted all memory on Android devices. The

not GNU

> Another offender from GNU is ncurses. It leaks like a sieve, too.

also not GNU