Martin Pitt <[EMAIL PROTECTED]> wrote: > Hi! > > This has been assigned CAN-2005-3011, please mention this number in > the changelog when you fix this to allow easy tracking.
The current version, 4.8, is as well vulnerable: [EMAIL PROTECTED]:~$ diff -u src/packages_for_sponsoring/texinfo-4.{7,8}/util/texindex.c --- src/packages_for_sponsoring/texinfo-4.7/util/texindex.c 2004-03-18 23:26:53.000000000 +0100 +++ src/packages_for_sponsoring/texinfo-4.8/util/texindex.c 2004-04-11 19:56:47.000000000 +0200 @@ -1,5 +1,5 @@ /* texindex -- sort TeX index dribble output into an actual index. - $Id: texindex.c,v 1.3 2004/03/18 22:26:53 karl Exp $ + $Id: texindex.c,v 1.11 2004/04/11 17:56:47 karl Exp $ Copyright (C) 1987, 1991, 1992, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc. I have no idea whether and how I can (request to) change the info in the CVE database. Regards, Frank P.S. Frank, since you seem to be working on the source code of 4.7, maybe you want to join the discussion in #320413 about taking over the package from Josip, who seems to be MIA. -- Frank Küster Inst. f. Biochemie der Univ. Zürich Debian Developer