Hello,

* Nico Golde [Sun, Apr 26, 2009 at 06:30:39PM +0200]:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for mpfr some time ago.
>
> CVE-2009-0757[0]:
> | Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent
> | attackers to cause a denial of service (crash) via the (1)
> | mpfr_snprintf and (2) mpfr_vsnprintf functions.
>
> Unfortunately the vulnerability described above is not important enough
> to get it fixed via regular security update in Debian stable. It does
> not warrant a DSA.

Thank you for pointing out this problem. It seems however that the buggy
functions were not yet available in the lenny version (2.3.1), and are
already fixed in the testing/unstable version (2.4.1).

Laurent.