Hi, Am Donnerstag, den 29.01.2015, 11:35 +0900 schrieb Shohei Murayama: > The aeson-7.0.3 package has serious vulnerbility to DOS attack. > This issue had already reported and completely fixed in upstream, > see the URL. > > https://github.com/bos/aeson/issues/198 > > The following packages had been updated in order to fix the issue. > > aeson-7.0.3 -> aeson-7.0.6 > scientific-0.2.0.2 -> scientific-3.2.0 > attoparsec-0.11.2.1 -> attoparsec-0.11.3.4
thanks for the report. I doubt that we can fix this for jessie at this point in the release, and the version waiting in experimental already has the fix. Greetings, Joachim -- Joachim "nomeata" Breitner Debian Developer nome...@debian.org | ICQ# 74513189 | GPG-Keyid: F0FBF51F JID: nome...@joachim-breitner.de | http://people.debian.org/~nomeata
signature.asc
Description: This is a digitally signed message part
