Control: tags -1 + squeeze confirmed

On Mon, 2013-01-07 at 00:57 +0100, Євгеній Мещеряков wrote:
> The version of swi-prolog in squeeze has two unfixed minor security
> vulnerabilities, buffer overflows CVE-2012-6089 and CVE-2012-6090,
> bug #697416. The security team decided that there will be no DSA for
> those issues. It was proposed to fix those issues via stable updates.

+swi-prolog (5.10.1-2) stable; urgency=low + + * Update Maintainer field in debian/control + * New patches (taken from RedHat bugzilla, closes: #697416): + - CVE-2012-6089.diff - fix for CVE-2012-6089 - possible buffer overrun in + path canonisation code + - CVE-2012-6090.diff - fix for CVE-2012-6090 - Possible buffer overflows + when expanding file-names with long paths

5.10.1-1+squeeze1 would be a more conventional version number here, to
make it clearer that the upload was made "out of sequence".

Please go ahead; thanks.

Regards,

Adam
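
Review bot: the "New patches" entry gives the origin of both diffs only as "taken from RedHat bugzilla", with no bug number or upstream commit, so someone auditing this stable update cannot check CVE-2012-6089.diff and CVE-2012-6090.diff against their source; record the exact origin in the changelog entry or in each patch header. The "Update Maintainer field in debian/control" item is also unrelated to the two buffer overflow fixes that #697416 tracks, so either justify it for a stable upload or leave it out to keep the diff limited to the security patches. Minor style point: the two patch descriptions are capitalised inconsistently ("possible buffer overrun" versus "Possible buffer overflows").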