On Mon, Mar 30, 2015 at 06:30:57AM +0200, Salvatore Bonaccorso wrote:
> Source: musl
> Version: 1.1.5-1
> Severity: grave
> Tags: security upstream patch fixed-upstream
>
> Hi,
>
> the following vulnerability was published for musl.
>
> CVE-2015-1817[0]:
> stack-based buffer overflow in ipv6 literal parsing
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Kevin, when you make an upload, please also include the regex changes
between 1.1.7 and current master/1.1.8.
I had been in contact with the upstream author and he recommended to
add them as well; these changes have also been spotted by regexp fuzzing.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
