Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 14 Aug 2015 19:08:41 +0100
From: Jonathan Wakely <>
To: Florian Weimer <>
Cc: "libstdc++" <>,
Subject: Re: Alleged libstdc++ vulnerabilities

On 14 August 2015 at 18:55, Jonathan Wakely wrote:
> On 14 August 2015 at 18:49, Florian Weimer wrote:
>> Does anybody know what this is about and can point to the relevant PRs?
>> “discovered serious security bugs in […] libstdc++”
>> <>
>> The USENIX paper
>> <>
>> does not back up this claim.
> The paper abstract says "discovered 11 previously unknown security vulnera-
> bilities: nine in GNU libstdc++ and two in Firefox, all of which have
> been confirmed and subsequently fixed by vendors. "
> I guess they are referring to

And FWIW most of the "fixes" they suggested were just nonsense.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.