Hi,

On 2009-03-26 14:07:08 +0100, Hilmar Preusse wrote:
> I can reproduce the problem using bibtex. Then I tried bibtex8 and
> could generate a livre_fp.bbl file (blg file is attached). Do you
> still assume it a "user security hole", which justifies the severity
> "grave" or can you accept the workaround and hence a lower severity?

I've set that in doubt. I think that all buffer overflows should
seriously be taken into consideration as they can potentially be a
real security hole (remember when Debian servers were compromised
even though an exploit was thought to be impossible).

Now, as here the bug seems to require a large bibtex file and action
from the user (assuming no tex-compilation servers), the severity
can probably be lowered.

BTW, can bibtex8 safely be used in place of bibtex (no compatibility
problems)?

-- 
Vincent Lefèvre <vinc...@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)


