Bug#697563: pu: package swi-prolog/5.10.1-1+b1
Control: tags -1 + squeeze confirmed
On Mon, 2013-01-07 at 00:57 +0100, Євгеній Мещеряков wrote:
> The version of swi-prolog in squeeze has two unfixed minor security
> vulnerabilities, buffer overflows CVE-2012-6089 and CVE-2012-6090,
> bug #697416. The security team decided that there will be no DSA for
> those issues. It was proposed to fix those issues via stable updates.
+swi-prolog (5.10.1-2) stable; urgency=low
+
+ * Update Maintainer field in debian/control
+ * New patches (taken from RedHat bugzilla, closes: #697416):
+ - CVE-2012-6089.diff - fix for CVE-2012-6089 - possible buffer overrun in
+ path canonisation code
+ - CVE-2012-6090.diff - fix for CVE-2012-6090 - Possible buffer overflows
+ when expanding file-names with long paths
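Review bot: The first bullet, "Update Maintainer field in debian/control", is unrelated to the two CVE fixes and does not say what the field changes to; for a stable update the entry should name the new value and the reason for it, or leave the change out. The two patch descriptions would also read better with consistent wording and capitalisation ("possible buffer overrun" vs "Possible buffer overflows").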
5.10.1-1+squeeze1 would be a more conventional version number here, to
make it clearer that the upload was made "out of sequence". Please go
ahead; thanks.
Regards,
Adam