Zack Weinberg wrote:
> I'd prefer not to drop the minimum version below the most recent point
> at which an exploitable crasher bug was fixed, which (according to
> pcre's NEWS file) was 7.6. There probably isn't an attack vector with
> our usage but I can't prove it so I'd rather be safe.
>
> (Can you find out if FC9 backported those fixes?)

The pcre package in F9 has a backported fix for CVE-2008-0674, and also a fix for the more recent CVE-2008-2371 problem.

- Thomas

_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
