Martin Pitt <[EMAIL PROTECTED]> wrote:
> Hi!
>
> This has been assigned CAN-2005-3011, please mention this number in
> the changelog when you fix this to allow easy tracking.
The current version, 4.8, is as well vulnerable:
[EMAIL PROTECTED]:~$ diff -u
src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c
--- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c 2004-03-18
23:26:53.000000000 +0100
+++ src/packages_for_sponsoring/texinfo-4.8/util/texindex.c 2004-04-11
19:56:47.000000000 +0200
@@ -1,5 +1,5 @@
/* texindex -- sort TeX index dribble output into an actual index.
- $Id: texindex.c,v 1.3 2004/03/18 22:26:53 karl Exp $
+ $Id: texindex.c,v 1.11 2004/04/11 17:56:47 karl Exp $
Copyright (C) 1987, 1991, 1992, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004 Free Software Foundation, Inc.
I have no idea whether and how I can (request to) change the info in the CVE
database.
Regards, Frank
P.S. Frank, since you seem to be working on the source code of 4.7,
maybe you want to join the discussion in #320413 about taking over the
package from Josip, who seems to be MIA.
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
