On Thu, 2008-04-17 at 09:03 +0200, Gianluca Sforna wrote: > I just read this news on LWN ( BTW, thanks to Jeff for providing me a > free subscription... ) > > Are our packages affected by this gcc "feature" ? > > http://www.kb.cert.org/vuls/id/162289 > > In other words, do our default compilation flags lessen or nullify the > impact of that problem? This is certainly not a security vulnerability and Fedora did not consider it as such. It is likely that most of Fedora 9 packages are compiled with this bug, but it's certainly not worth recompiling them to fix it and will most likely have no consequences at all. Fedora 8 gcc and packages did not have this problem. A first glance I do not see anything in Fedora 9 gcc changelog that would say this is fixed. It should be probably easy for you to check it yourself -- proof of concept for 32 bit architectures is depicted in the advisory. Regards, -- Lubomir Kundrak (Red Hat Security Response Team) -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
