Public bug reported:
Binary package hint: tcl8.3
Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
Changelog since current intrepid version 8.3.5-12:
tcl8.3 (8.3.5-13) unstable; urgency=medium
* Fixed CVE-2007-4772 vulnerability (The regular expression parser in TCL
before 8.4.17 allows attacker to cause a denial of service (infinite
loop) via a crafted regular expression.)
* Fixed CVE-2007-6067 vulnerability (The regular expression parser in TCL
allows users to cause a denial of service (memory consumption) via a
crafted "complex" regular expression with doubly-nested states.)
* Set urgency to medium as this upload fixes a security bug.
* Protected quilt calls in debian/rules to make the source package
convertible to 3.0 (quilt) format (closes: #484912).
* Bumped standards version to 3.8.0.
-- Sergei Golovan <[EMAIL PROTECTED]> Sat, 05 Jul 2008 17:31:11
+0400
** Affects: tcl8.3 (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: tcl8.3 (Ubuntu)
Importance: Undecided => Wishlist
--
Please sync tcl8.3 8.3.5-13 (main) from Debian unstable (main).
https://bugs.launchpad.net/bugs/246423
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
