Hi,
* Laurent Fousse <laurent@komite.net> [2009-05-09 16:34]:
> * Nico Golde [Sun, Apr 26, 2009 at 06:30:39PM +0200]:
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for mpfr some time ago.
> >
> > CVE-2009-0757[0]:
> > | Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent
> > | attackers to cause a denial of service (crash) via the (1)
> > | mpfr_snprintf and (2) mpfr_vsnprintf functions.
> >
> > Unfortunately the vulnerability described above is not important enough
> > to get it fixed via regular security update in Debian stable. It does
> > not warrant a DSA.
>
> Thank you for pointing out this problem. It seems however that the
> buggy functions were not yet available in the lenny version
> (2.3.1), and are already fixed in the testing/unstable version (2.4.1).

Alright, thank you for this information!

Cheers
Nico

P.S. Luk, I'm subscribed but thanks! ;-P
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.