
Bug#697563: pu: package swi-prolog/5.10.1-1+b1



Control: tags -1 + squeeze confirmed

On Mon, 2013-01-07 at 00:57 +0100, Євгеній Мещеряков wrote:
> The version of swi-prolog in squeeze has two unfixed minor security
> vulnerabilities, buffer overflows CVE-2012-6089 and CVE-2012-6090,
> bug #697416. The security team decided that there will be no DSA for
> those issues. It was proposed to fix those issues via stable updates.

+swi-prolog (5.10.1-2) stable; urgency=low
+
+  * Update Maintainer field in debian/control 
+  * New patches (taken from RedHat bugzilla, closes: #697416):
+    - CVE-2012-6089.diff - fix for CVE-2012-6089 - possible buffer overrun in
+      path canonisation code 
+    - CVE-2012-6090.diff - fix for CVE-2012-6090 - Possible buffer overflows
+      when expanding file-names with long paths 
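
Review bot: The first bullet, "Update Maintainer field in debian/control", is unrelated to the two CVE fixes this entry is otherwise about, and it does not say what the field was changed to or why. For an upload targeted at stable, either drop that change or state the new value and the reason in the entry so the diff against the previous version can be checked against the changelog. Minor style points in the same hunk: the two patch descriptions differ in capitalisation ("possible buffer overrun" versus "Possible buffer overflows"), and the Maintainer line and both description continuation lines end in trailing whitespace.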

5.10.1-1+squeeze1 would be a more conventional version number here, to
make it clearer that the upload was made "out of sequence". Please go
ahead; thanks.

Regards,

Adam

