Hi Cyril,
* Cyril Brulebois <[EMAIL PROTECTED]> [2007-11-16 04:53]:
> (And now actually attaching the patch???)
[...]
> From that point of view, it sounds sufficient to remove the -I/-L
> referring to the package's pcre in some files, as suggested in the
> attached patch, and to B-D on libpcre3-de
tag 450754 patch
thanks
Moritz Muehlenhoff <[EMAIL PROTECTED]> (09/11/2007):
> Package: vfu
> Severity: grave
> Tags: security
> Justification: user security hole
>
> vfu embeds a copy of pcre. There's been a recent security update for
> pcre (DSA-1399). (I'm not sure if vfu's pcre processes untr
(And now actually attaching the patch…)
Moritz Muehlenhoff <[EMAIL PROTECTED]> (09/11/2007):
> Package: vfu
> Severity: grave
> Tags: security
> Justification: user security hole
>
> vfu embeds a copy of pcre. There's been a recent security update for
> pcre (DSA-1399). (I'm not sure if vfu's pcr
Processing commands for [EMAIL PROTECTED]:
> tag 450754 patch
Bug#450754: vfu: Embeds a copy of pcre
Tags were: security
Tags added: patch
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs da
Package: vfu
Severity: grave
Tags: security
Justification: user security hole
vfu embeds a copy of pcre. There's been a recent security update for
pcre (DSA-1399). (I'm not sure if vfu's pcre processes untrusted regexps
or if it's all user-controlled. In that case it's not a security problem,
but
5 matches
Mail list logo