On Sat, Feb 14, 2015 at 03:41:21PM +0100, Luciano Bello wrote: > Package: nvi > Severity: important > Tags: security patch > > The security team received a report from the CERT Coordination Center that > the > Henry Spencer regular expressions (regex) library contains a heap overflow > vulnerability. It looks like this package includes the affected code at > that's > the reason of this bug report. > > The patch is available here: > http://gitweb.dragonflybsd.org/dragonfly.git/blobdiff/4d133046c59a851141519d03553a70e903b3eefc..2841837793bd095a82f477e9c370cfe6cfb3862c:/lib/libc/regex/regcomp.c
Building with "--disable-re" should fix this. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-qa-packages-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150216183718.GA3514@pisco.westfalen.local