Bug#710830: gcc-4.7: CVE-2002-2439
Package: gcc-4.7
Severity: serious
Version: 4.7.0-1
Tags: security, patch
Hi,
An integer overflow issue was discovered for gcc-4.7:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
This is already fixed in gcc-4.8.
These seem to be the two relevant patches that fix the problem:
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01416.html
http://gcc.gnu.org/ml/gcc-patches/2012-06/msg01689.html
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2439
http://security-tracker.debian.org/tracker/CVE-2002-2439
Please adjust the affected versions in the BTS as needed.