Bug#734746: flite: CVE-2014-0027

To: Paul Gevers <elbrus@debian.org>
Cc: security@debian.org, 734746@bugs.debian.org
Subject: Bug#734746: flite: CVE-2014-0027
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 09 Jan 2014 21:43:59 +0100
Message-id: <[🔎] 87ha9cdgxc.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 734746@bugs.debian.org
In-reply-to: <[🔎] 52CF08D9.9090606@debian.org> (Paul Gevers's message of "Thu, 09 Jan 2014 21:38:49 +0100")
References: <[🔎] 20140109140746.7060.95970.reportbug@m25s06.vlinux.de> <[🔎] 52CF08D9.9090606@debian.org>

* Paul Gevers:

> I see that you tagged the above issue in the flite package as minor. Do
> you consider this issue severe enough for a security update in squeeze
> and wheezy? I am more than willing to provide the update, even via a
> (|o)pu, but is that considered worth the effort?

I couldn't reach this code via speech-dispatcher (with an active flite
module) or any other way (admittedly I tried only on Fedora).  If this
function can be called while using desktop accessibility tools, we
should probably fix it, otherwise, it does not appear necessary.

Reply to:

Follow-Ups:
- Bug#734746: flite: CVE-2014-0027
  - From: Paul Gevers <elbrus@debian.org>

References:
- Bug#734746: flite: CVE-2014-0027
  - From: Moritz Muehlenhoff <jmm@inutil.org>
- Bug#734746: flite: CVE-2014-0027
  - From: Paul Gevers <elbrus@debian.org>

Prev by Date: Bug#734746: flite: CVE-2014-0027
Next by Date: Processed: Re: Bug#734746: flite: CVE-2014-0027
Previous by thread: Bug#734746: flite: CVE-2014-0027
Next by thread: Bug#734746: flite: CVE-2014-0027
Index(es):
- Date
- Thread