tags 491182 + patch pending
thanks

Hi,
The following is the diff for my byacc 20070509-1.1 NMU on its way.

Kind regards

T.

diff -u byacc-20070509/debian/changelog byacc-20070509/debian/changelog --- byacc-20070509/debian/changelog +++ byacc-20070509/debian/changelog @@ -1,3 +1,11 @@ +byacc (20070509-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix stack overflow in skeleton.c with upstream patch. + Closes: #491182 aka CVE-2008-3196 + + -- Thomas Viehmann <[EMAIL PROTECTED]> Sun, 24 Aug 2008 23:13:07 +0200 + byacc (20070509-1) unstable; urgency=low * New upstream release only in patch2: unchanged: --- byacc-20070509.orig/skeleton.c +++ byacc-20070509/skeleton.c @@ -21,6 +21,7 @@ "#endif", "", "#include <stdlib.h>", + "#include <string.h>", "", "#define YYBYACC 1", CONCAT1("#define YYMAJOR ", YYMAJOR), @@ -275,7 +276,10 @@ " YYPREFIX, yystate, yyn, yyrule[yyn]);", "#endif", " yym = yylen[yyn];", - " yyval = yyvsp[1-yym];", + " if (yym)", + " yyval = yyvsp[1-yym];", + " else", + " memset(&yyval, 0, sizeof yyval);", " switch (yyn)", " {", 0
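
Review bot: In the debian/changelog hunk, the entry "Fix stack overflow in skeleton.c" understates the scope of the fix. The lines changed in skeleton.c are quoted strings, that is, text copied into every generated parser, so a parser already generated from the old skeleton keeps the unguarded "yyval = yyvsp[1-yym];" until it is regenerated. Suggest the entry say so, so that maintainers of packages shipping byacc-generated parser sources know to regenerate them.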
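
Review bot: In the first skeleton.c hunk (@@ -21,6 +21,7 @@), "#include <string.h>" is now emitted into every generated parser solely for the memset() call added in the reduce code further down, and nothing in either hunk records that link. A short C comment in skeleton.c next to the new include string would keep the two from drifting apart if one of them is changed later.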
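
Review bot: In the second skeleton.c hunk (@@ -275,7 +276,10 @@), the else branch zeroes yyval with "memset(&yyval, 0, sizeof yyval);", which assumes all-bits-zero is a meaningful value for whatever type the grammar gives yyval, and neither that assumption nor the reason for the "if (yym)" test is documented in the emitted code. With yym == 0 the old line read yyvsp[1], one slot above the top of the value stack, and the guard removes that read. Suggest emitting a one-line comment to that effect above "if (yym)", and noting for grammar authors that the action of an empty rule now starts with a zeroed $$ rather than whatever was stored at yyvsp[1].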