*** This bug is a security vulnerability *** Public security bug reported:
As reported in #1437087, this fix for that issue caused a regression as discussed on the debian-gis list: https://lists.debian.org/debian-gis/2015/11/msg00013.html In Debian this has been fixed for jessie in freexl (1.0.0g-1+deb8u3) and wheezy in freexl (1.0.0b-1+deb7u3) with [DSA 3208-2] freexl regression update (https://lists.debian.org/debian-security- announce/2015/msg00302.html). Ubuntu needs the same regression fix for trusty & vivid. I've prepared updates for the Ubuntu packages in git: http://anonscm.debian.org/cgit/pkg-grass/freexl.git/?h=ubuntu/trusty http://anonscm.debian.org/cgit/pkg-grass/freexl.git/?h=ubuntu/vivid Besides the fix for the regression introduced by afl- vulnerabilitities.patch, they also contain 32bit-multiplication- overflow.patch that was included in freexl (1.0.0g-1+deb8u2) for jessie- security and freexl (1.0.0b-1+deb7u2) for wheezy-security. 32bit- multiplication-overflow.patch was backported from FreeXL 1.0.2 and already included in wily & xenial. ** Affects: freexl (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1516257 Title: [DSA 3208-2] freexl regression update To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freexl/+bug/1516257/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
