Package: swi-prolog
Severity: important
Tags: security
Control: found -1 5.10.1-1
Control: found -1 5.10.4-4
Control: fixed -1 6.2.5-1

Hi,

the following vulnerabilities were published for swi-prolog.

CVE-2012-6089[0]:
pl: Possible buffer overrun in patch canonisation code

CVE-2012-6090[1]:
pl: Possible buffer overflows when expanding file-names with long paths

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-6089
[1] http://security-tracker.debian.org/tracker/CVE-2012-6090

The version in experimental (6.2.5) already contains the fix. Redhat Bugzilla contains the patches based on 5.10.2, but they almost apply cleanly to the version 5.10.4 (apart from file location)[3,4], but please double-check.

[3]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6089
[4]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6090

Note that if you fix this in unstable, only make changes following the freeze policy for wheezy[5], so that an unblock might be asked to the release team.

[5]: http://release.debian.org/wheezy/freeze_policy.html

This vulnerability is marked 'low' and 'no-dsa', so there will be DSA for swi-prolog.

Regards,
Salvatore