Hi Cyril,
* Cyril Brulebois [EMAIL PROTECTED] [2007-11-16 04:53]:
(And now actually attaching the patch???)
[...]
From that point of view, it sounds sufficient to remove the -I/-L
referring to the package's pcre in some files, as suggested in the
attached patch, and to B-D on libpcre3-dev. As
Processing commands for [EMAIL PROTECTED]:
tag 450754 patch
Bug#450754: vfu: Embeds a copy of pcre
Tags were: security
Tags added: patch
thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(administrator, Debian Bugs database
(And now actually attaching the patch…)
Moritz Muehlenhoff [EMAIL PROTECTED] (09/11/2007):
Package: vfu
Severity: grave
Tags: security
Justification: user security hole
vfu embeds a copy of pcre. There's been a recent security update for
pcre (DSA-1399). (I'm not sure if vfu's pcre
tag 450754 patch
thanks
Moritz Muehlenhoff [EMAIL PROTECTED] (09/11/2007):
Package: vfu
Severity: grave
Tags: security
Justification: user security hole
vfu embeds a copy of pcre. There's been a recent security update for
pcre (DSA-1399). (I'm not sure if vfu's pcre processes untrusted
Package: vfu
Severity: grave
Tags: security
Justification: user security hole
vfu embeds a copy of pcre. There's been a recent security update for
pcre (DSA-1399). (I'm not sure if vfu's pcre processes untrusted regexps
or if it's all user-controlled. In that case it's not a security problem,
but
5 matches
Mail list logo