
Bug#560948: CVE-2009-3560 and CVE-2009-3720 denial-of-services



notfound 2007.dfsg.2-4+lenny1
notfound 2009-3
stop

On 13.12.09 Michael Gilbert (michael.s.gilbert@gmail.com) wrote:

> package: texlive-bin
> severity: serious
> tags: security
> 
> Hi,
> 
> The following CVE (Common Vulnerabilities & Exposures) ids were
> published for expat.  I have determined that this package embeds a
> vulnerable copy of xmlparse.c and xmltok_impl.c.  However, since this is
> a mass bug filing (due to so many packages embedding expat), I have
> not had time to determine whether the vulnerable code is actually
> present in any of the binary packages derived from this source package.
> Please determine whether this is the case. If the binary packages are
> not affected, please feel free to close the bug with a message
> containing the details of what you did to check.
> 
I checked the build logs available at https://buildd.debian.org/ . I
found no trace that these files are even compiled. Is that sufficient
to prove that we're not affected?

Hilmar
-- 
sigmentation fault
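
The build-log check described in the reply above, as an added example that is not part of the original thread. In expat, xmltok_impl.c is #included by xmltok.c and never gets a compile line of its own, so the scan looks for the translation units that are actually built; the function names and the sample logs are constructed for illustration.

```shell
#!/bin/sh
# Classify a build log by how (or whether) expat ends up in the build.
# Added illustration; names and sample logs below are assumptions.

# xmltok_impl.c is pulled in by xmltok.c via #include, so match the
# sources/objects that really appear in compile, ar and link lines.
EXPAT_UNITS='(^|[[:space:]/])(xmlparse|xmltok|xmlrole)\.(c|o|lo)([[:space:]]|$)'

# Prints "embedded", "system" or "none" for the log file given as $1.
classify_expat_use() {
    log=$1
    if grep -Eq "$EXPAT_UNITS" "$log"; then
        echo embedded      # bundled copy is compiled or archived
    elif grep -Eq '(^|[[:space:]])-lexpat([[:space:]]|$)' "$log"; then
        echo system        # links the distribution's libexpat instead
    else
        echo none          # no sign of expat in this log
    fi
}

# Constructed sample logs (not taken from buildd.debian.org).
make_sample_logs() {
    dir=$1
    cat > "$dir/bundled.log" <<'EOF'
gcc -DHAVE_CONFIG_H -I. -g -O2 -c xmlparse.c -o xmlparse.o
gcc -DHAVE_CONFIG_H -I. -g -O2 -c xmltok.c -o xmltok.o
ar cru libexpat.a xmlparse.o xmltok.o xmlrole.o
EOF
    cat > "$dir/system.log" <<'EOF'
gcc -g -O2 -c reader.c -o reader.o
gcc -o reader reader.o -lexpat -lz
EOF
    cat > "$dir/clean.log" <<'EOF'
gcc -g -O2 -c tex.c -o tex.o
gcc -o tex tex.o -lkpathsea -lm
EOF
}

# Run with --demo to classify the three constructed logs.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_logs "$tmp"
    for f in bundled system clean; do
        printf '%s: %s\n' "$f" "$(classify_expat_use "$tmp/$f.log")"
    done
    rm -rf "$tmp"
fi
```

A "none" result covers only the architecture and configuration whose log was scanned, and build systems that hide command lines behind quiet output need their verbose mode enabled first.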


