Reconsider usage of UBSAN #113
Comments
|
Also making a note that since the bug has been reported with RC (release-critical) severity, unless we fix it in Debian, it will be removed from the upcoming stable release (bookworm). |
|
Yeh, I don't think we actually need UBSAN. I just thought it might be a good idea when I added in. I didn't know it could introduce security vulnerability. I am just going to remove it for now, unless Adrian suggests that I should add ASAN alongside UBSAN, rather than just remove UBSAN. |
fangfufu
added a commit
that referenced
this issue
Feb 23, 2023
Address issue #113. Use of UBSAN in runtime could introduce vulnerabilities. Original bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031744 Reference: https://www.openwall.com/lists/oss-security/2016/02/17/9
|
Closing as fixed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Debian security team believes the usage of UBSAN in HTTPDirFS may bring more harm than good:
Original bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031744
The text was updated successfully, but these errors were encountered: