oss-sec mailing list archives
Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx)
From: Michael Orlitzky <michael () orlitzky com>
Date: Sat, 30 Sep 2023 19:28:46 -0400
On Sat, 2023-09-30 at 13:00 -0400, Demi Marie Obenour wrote:
It is also worth noting that Rust-the-language supports dynamic linking. Once Cargo supports this and downstreams (like Fedora) obtain sufficient build capacity, it will be possible to use dynamic linking by performing automatic cascading rebuilds whenever a package is upgraded. Arch already does this for Haskell IIUC.
We do it for Haskell in Gentoo, too, but we have a dark secret: it only works because Haskell became unpopular. There are basically only two Haskell programs, and everything works for n = 2.
Current thread:
- CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Alan Coopersmith (Sep 28)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 28)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27 (Sep 29)
- Re: Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Travis Finkenauer (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Dominique Martinet (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Demi Marie Obenour (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Michael Orlitzky (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Steffen Nurpmeso (Sep 30)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27 (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 28)