On Mon, Feb 23, 2015 at 02:16:25PM +0100, Eugen Dedu wrote:
> tag 778404 fixed-upstream
> thanks
>
> On 16/02/15 17:33, Eugen Dedu wrote:
> >On 16/02/15 17:19, Moritz Muehlenhoff wrote:
> >>severity 778404 minor
> >>thanks
> >>
> >>On Sat, Feb 14, 2015 at 03:39:19PM +0100, Luciano Bello wrote:
> >>>Package: ptlib
> >>>Severity: important
> >>>Tags: security patch
> >>>
> >>>The security team received a report from the CERT Coordination Center
> >>>that the
> >>>Henry Spencer regular expressions (regex) library contains a heap
> >>>overflow
> >>>vulnerability. It looks like this package includes the affected code
> >>>at that's
> >>>the reason of this bug report.
> >>
> >>The configure script picks the glibc regex code, so this doesn't affect
> >>the Debian binary packages.
> >
> >Thank you for the analysis.
> >
> >>It would still be useful to report this upstream, so that they update
> >>the local regex code (it could be that the local one is used when
> >>building with a libc other than glibc)
> >
> >I will do it, I have commit access.
>
> I have committed the patch upstream, thank you:
>
> https://sourceforge.net/p/opalvoip/code/33381/
> and
> https://sourceforge.net/p/opalvoip/code/33382/
>
> Shouldn't we close this bug in debian?

You can either close it right away and once the new upstream release with above changes hits unstable.

Cheers,
        Moritz