On Mon, Mar 30, 2015 at 06:30:57AM +0200, Salvatore Bonaccorso wrote: > Source: musl > Version: 1.1.5-1 > Severity: grave > Tags: security upstream patch fixed-upstream > > Hi, > > the following vulnerability was published for musl. > > CVE-2015-1817[0]: > stack-based buffer overflow in ipv6 literal parsing > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Kevin, when you make an upload, please also include the regex changes between 1.1.7 and current master/1.1.8. I had been in contact with the upstream author and he recommended to add them as well; these changes have also been spotted by regexp fuzzing. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org