Bug#655880: Please enabled hardened build flags

Moritz Mühlenhoff jmm at inutil.org
Tue May 8 17:48:24 UTC 2012


On Sat, Apr 07, 2012 at 12:27:05PM +0930, Ron wrote:
> 
> Hi Moritz,
> 
> On Fri, Apr 06, 2012 at 06:35:26PM +0200, Moritz Mühlenhoff wrote:
> > On Sat, Jan 14, 2012 at 03:21:47PM +0100, Moritz Muehlenhoff wrote:
> > > Package: speex
> > > Version: 1.2~rc1-3
> > > Severity: important
> > > Tags: patch
> > > 
> > > Please enabled hardened build flags through dpkg-buildflags.
> > 
> > What's the status? Do you plan an upload in the next weeks or
> > shall I upload a NMU?
> 
> There was an open question of whether we were actually going to do a new
> upstream release, and whether there was going to be some new optimisation
> code for ARM to include with it, so I was kind of waiting to see what
> evolved from that first - but that talk seems to have somewhat gone off
> the boil again for the present (and it's not a blocker for this either
> way, aside from batching work together).
> 
> Is there some particular urgency to this that I should be aware of?
> 
> Speex isn't exactly a hotbed of security problems, there have been, like,
> precisely none that have come to light since 2008 or so when this version
> was uploaded - so while I haven't forgotten this, it hasn't quite seemed
> like something that couldn't wait until there were other reasons for an
> upload either.  At least for a while.
> 
> I'd rather do it myself, since that will be easier than merging an NMU,
> so if you have some reason it should be bumped up the priority queue,
> then indeed, I'd like to know about that.

Sorry for the late reply. I would appreciate if this were fixed before the
Wheezy release, but other than that there's no urgency.

Cheers,
        Moritz






More information about the Pkg-voip-maintainers mailing list