Control: notfound -1 1.10-2

Hi,

On Thu, Jan 12, 2017 at 03:47:49PM +0100, Moritz Muehlenhoff wrote:
> Package: ed
> Severity: important
> Tags: security
>
> Hi Martin,
> please see http://seclists.org/oss-sec/2017/q1/70 for more information
> and a patch. A CVE ID is not yet available.
>
> For stable, this doesn't warrant a DSA, but we could fix it through
> a point release.

I think this issue is actually not yet present in Debian and fixed upstream with 1.14.1. In version after 1.13 a malloc'ed buffer was changed to a static one, but the free of exp was forgotten, cf. https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html

Regards,
Salvatore

