Clicking around, I got here: https://lwn.net/Alerts/626364/
Which says: Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 gnustep-base/gnustep-base < 1.24.6-r1 >= 1.24.6-r1 NIST's NVD: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2980 which links to the following diff: http://svn.gna.org/viewcvs/gnustep/libs/base/trunk/Tools/gdomap.c?r1=37756&r2=37755&pathrev=37756 and to the bug on Savannah: https://savannah.gnu.org/bugs/?41751 and to following email on seclists: http://seclists.org/oss-sec/2014/q2/152 Sounds like it's been resolved for several months now. It's still worth bringing up for people who are using pre-1.24.6 GNUstep and depend on gdomap. On Tue, Dec 30, 2014 at 4:07 PM, Gregory Casamento <[email protected] > wrote: > I'm bringing this to the attention of the list.... > > https://lwn.net/Vulnerabilities/626438/ > > I don't know any additional details regarding this issue other than > what is on that webpage. Is this an issue that has already been > addressed internally? > > GC > -- > Gregory Casamento > GNUstep Lead Developer / OLC, Principal Consultant > http://www.gnustep.org - http://heronsperch.blogspot.com > http://ind.ie/phoenix/ > > _______________________________________________ > Gnustep-dev mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/gnustep-dev > -- Ivan Vučica [email protected]
_______________________________________________ Gnustep-dev mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnustep-dev
