Hi,
* Laurent Fousse <laur...@komite.net> [2009-05-09 16:34]:
> * Nico Golde [Sun, Apr 26, 2009 at 06:30:39PM +0200]:
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for mpfr some time ago.
> > 
> > CVE-2009-0757[0]:
> > | Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent
> > | attackers to cause a denial of service (crash) via the (1)
> > | mpfr_snprintf and (2) mpfr_vsnprintf functions.
> > 
> > Unfortunately the vulnerability described above is not important enough
> > to get it fixed via regular security update in Debian stable. It does
> > not warrant a DSA.
> 
> Thank you for pointing out this problem. It seems however that the
> buggy functions were not yet available in the lenny version
> (2.3.1), and are already fixed in the testing/unstable version (2.4.1).

Alright, thank you for this information!

Cheers
Nico
P.S. Luk, I'm subscribed but thanks! ;-P
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
