Hi,
The issue can easily be reproduced on an x86_64 system running squeeze
with the public reproducer.
Valgrind also shows the issue (but beware of the time and memory it takes).
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--
To UNSUBSCRIBE, email to debian-
On Thu, Feb 28, 2013 at 21:56:12 +0100, Gianluca Ciccarelli wrote:
> I tag the issue with `squeeze' because it is the only
> possibly vulnerable version (<2.11).
>
Please don't do that. That's not what the suite tags are for, version
tracking does that job (I removed the tag).
Cheers,
Julien
tags 701897 squeeze unreproducible
--
I have tried the PoC proposed by the original reported, but
have different outcomes:
- On a running squeeze distribution, nothing happens. No
segfaults, in particular.
- On a wheezy machine, I downloaded version 2.6.3's .dsc
from the QA page's link, config
Package: grep
Severity: grave
Version: 2.6.3-3
Tags: security
X-Debbugs-CC: secure-testing-t...@lists.alioth.debian.org
Hi,
the following vulnerability was published for grep.
CVE-2012-5667[0]:
| Multiple integer overflows in GNU Grep before 2.11 might allow
| context-dependent attackers to execu
4 matches
Mail list logo