[Evolution] Bug#484369: evolution: Building with -D_FORTIFY_SOURCE=2
Moritz Muehlenhoff
jmm at debian.org
Tue Jun 3 21:50:18 UTC 2008
Package: evolution
Severity: wishlist
Although format string vulnerabilities are becoming less common
in general, they're still occasionally being found in Evolution,
e.g. CVE-2007-1002 and CVE-2008-0072 in the recent two years.
Building with -D_FORTIFY_SOURCE=2 prevents exploitability for
many format string attacks. Could you build Lenny's Evolution
with it enabled?
Please see the package hardening-wrapper for easy testing and
the README.Debian included within.
Cheers,
Moritz
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
More information about the Pkg-evolution-maintainers
mailing list