Bug#710830: gcc-4.7: CVE-2002-2439

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#710830: gcc-4.7: CVE-2002-2439
From: Michael Gilbert <mgilbert@debian.org>
Date: Sun, 2 Jun 2013 15:47:19 -0400
Message-id: <[🔎] CANTw=MNA1R=1L5KOJDHUd02gzxi3u_h0DXDLEFFiFL4DG_oeHA@mail.gmail.com>
Reply-to: Michael Gilbert <mgilbert@debian.org>, 710830@bugs.debian.org

Package: gcc-4.7
Severity: serious
Version: 4.7.0-1
Tags: security, patch

Hi,
An integer overflow issue was discovered for gcc-4.7:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439

This is already fixed in gcc-4.8.

These seem to be the two relevant patches that fix the problem:
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01416.html
http://gcc.gnu.org/ml/gcc-patches/2012-06/msg01689.html

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439
    http://security-tracker.debian.org/tracker/CVE-2002-2439
Please adjust the affected versions in the BTS as needed.

Reply to:

Follow-Ups:
- Bug#710830: gcc-4.7: CVE-2002-2439
  - From: Matthias Klose <doko@debian.org>
- Processed: Re: Bug#710830: gcc-4.7: CVE-2002-2439
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Re: Upstream sources in future uploads of gnat-4.8
Next by Date: Bug#710845: g++-4.6: mipsel executables built -Wl,-z,now -fPIE crash on startup
Previous by thread: Results for 4.8.0 (Debian 4.8.0-9) testsuite on mipsel-unknown-linux-gnu
Next by thread: Bug#710830: gcc-4.7: CVE-2002-2439
Index(es):
- Date
- Thread