Re: [SECURITY] [DSA 2807-1] links2 security update

2013-11-30 Thread Florian Böhmdorfer 
ist online

-- 
Flo Böhmdorfer

Sat, Nov 30, 2013 at 05:31:58PM +0100
Moritz Muehlenhoff (j...@debian.org) :

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 - -
 Debian Security Advisory DSA-2807-1   secur...@debian.org
 http://www.debian.org/security/Moritz Muehlenhoff
 November 30, 2013  http://www.debian.org/security/faq
 - -
 
 Package: links2
 Vulnerability  : integer overflow
 Problem type   : remote
 Debian-specific: no
 CVE ID : CVE-2013-6050
 
 Mikulas Patocka discovered an integer overflow in the parsing of HTML 
 tables in the Links web browser. This can only be exploited when running 
 Links in graphical mode.
 
 For the oldstable distribution (squeeze), this problem has been fixed in
 version 2.3~pre1-1+squeeze2.
 
 For the stable distribution (wheezy), this problem has been fixed in
 version 2.7-1+deb7u1.
 
 For the testing distribution (jessie), this problem has been fixed in
 version 2.8-1.
 
 For the unstable distribution (sid), this problem has been fixed in
 version 2.8-1.
 
 We recommend that you upgrade your links2 packages.
 
 Further information about Debian Security Advisories, how to apply
 these updates to your system and frequently asked questions can be
 found at: http://www.debian.org/security/
 
 Mailing list: debian-security-annou...@lists.debian.org
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.15 (GNU/Linux)
 
 iEYEARECAAYFAlKaEsAACgkQXm3vHE4uylo5GQCeK591/fdk5dWM58+llKUkucPA
 WpwAoK4GPo5mEtkKRHCrMrL5eo5tDh4h
 =kVGD
 -END PGP SIGNATURE-
 
 
 -- 
 To UNSUBSCRIBE, email to debian-security-announce-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
 Archive: http://lists.debian.org/20131130163158.GA5375@pisco.westfalen.local
 


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131130165745.GA6039@axel.ulundi

Re: MIT discovered issue with gcc

2013-11-30 Thread Bernhard R. Link 
* Joel Rees joel.r...@gmail.com [131129 00:36]:
 The standard needs to be re-written to encourage sane behavior in
 undefined situations, and if you don't like that opinion, I'll take
 some time later, when I have some, to rip your arguments that I've
 clipped above to shreds. I don't mind if you don't.

I think the only answer to those lines is to advise you to not use
any programs written in C. I suggest writing everything in Haskell
and compiling that to java byte code run in a jvm. With the jvm
implemented in Haskell and running in an interpreter.

Bernhard R. Link
-- 
F8AC 04D5 0B9B 064B 3383  C3DA AFFC 96D1 151D FFDC


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20131201002650.gb4...@client.brlink.eu

Re: MIT discovered issue with gcc

2013-11-30 Thread Jordon Bedwell 
On Nov 30, 2013 6:29 PM, Bernhard R. Link brl...@debian.org wrote:

 * Joel Rees joel.r...@gmail.com [131129 00:36]:
  The standard needs to be re-written to encourage sane behavior in
  undefined situations, and if you don't like that opinion, I'll take
  some time later, when I have some, to rip your arguments that I've
  clipped above to shreds. I don't mind if you don't.

 I think the only answer to those lines is to advise you to not use
 any programs written in C. I suggest writing everything in Haskell
 and compiling that to java byte code run in a jvm. With the jvm
 implemented in Haskell and running in an interpreter.

That'll be interesting to see.